EC-Council CTIA Module 4.3 Practice Test 001

This practice test covers Module 4 (Data Collection and Processing) Sub-module 3 (Threat Intelligence Feeds and Sources).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
A threat hunter at a government defense contractor wants to expand the organization's feed portfolio beyond internal telemetry. Which source type provides government-sponsored threat intelligence at no cost, delivered via STIX/TAXII?

Question 2
A CTI analyst at a regional bank needs to access threat intelligence shared exclusively among peer financial institutions about fraud campaigns and banking-sector malware. Which source type is specifically designed for this intra-sector sharing?

Question 3
A CTI manager evaluates two commercial feeds. Feed A delivers indicators within 10 minutes of detection but has a 15% false positive rate. Feed B delivers indicators 6 hours later with a 1% false positive rate. Which feed quality attributes are in direct tension here?

Question 4
A CTI team at a healthcare MSSP wants to automate ingestion of threat indicators from multiple external sources into their threat intelligence platform. Which protocol and format pairing is the industry standard for machine-readable, automated threat intelligence feed delivery?

Question 5
A SOC team at a retail company receives a threat feed delivering malicious IP addresses, domain blocklists, and file hashes flagged during recent campaigns. This feed is best classified as which type of threat intelligence source?

Question 6
An intelligence lead at an energy company is selecting OSINT sources to track threat actor campaigns. A colleague argues that commercial feeds are always superior. Which is the most accurate limitation of open-source threat intelligence relative to commercial feeds?

Question 7
A CTI analyst is collecting threat intelligence from dark web forums to detect early warning signs of planned attacks against the company's executive team. This activity is best categorized as which type of intelligence source?

Question 8
A CTI team ingests indicators from eight different threat feeds, but analysts are overwhelmed by duplicate and expired indicators flooding the platform. Which approach best addresses this operational problem?

Question 9
An analyst at a logistics company reviews feeds from three vendors and notices that one consistently delivers indicators related to nation-state espionage campaigns targeting aerospace firms. None of these indicators apply to logistics operations. Which feed quality criterion is this vendor failing to meet?

Question 10
A CTI lead at a utility company wants to supplement commercial feeds with U.S. government intelligence specifically addressing nation-state threats to critical infrastructure. Which government resource is best suited for this requirement?
