EC-Council CTIA Module 4.3 Practice Test 002

This practice test covers Module 4 (Data Collection and Processing) Sub-module 3 (Threat Intelligence Feeds and Sources).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 4.3 Practice Test 002

10 questions • Single best answer

Question 1

A SOC analyst at an MSSP subscribes to a continuously updated stream of malicious IPs, domains, and file hashes. The data refreshes automatically and integrates directly into detection tools. What is this data stream called?

A. Threat intelligence platform B. Threat intelligence feed C. Threat data lake D. Intelligence collection plan

Question 2

A threat intelligence analyst at a critical infrastructure utility wants free, government-sponsored indicators. The feed must be machine-readable and delivered via STIX/TAXII. Which source best fits this need?

A. Commercial paid feed B. Dark web monitoring C. Internal telemetry D. CISA Automated Indicator Sharing

Question 3

An analyst at a budget-constrained nonprofit needs externally sourced indicators at no cost. Paid subscriptions are not an option for the team. Which feed category fits best?

A. Open-source feed B. Commercial subscription feed C. Internal log feed D. Proprietary vendor feed

Question 4

A CTI team at a manufacturing firm wants indicators derived from its own firewalls, IDS sensors, and endpoint logs. These artifacts are generated entirely within the organization's environment. What source category is this?

A. Open-source intelligence B. Commercial feeds C. Internal sources D. ISAC sharing communities

Question 5

A threat intelligence analyst at a regional bank wants sector-specific intelligence shared among peer financial institutions. A membership-based trust model is required for participation. Which source best provides this?

A. Open-source feed B. FS-ISAC C. Dark web forum D. Commercial vendor feed

Question 6

An analyst is automating ingestion of structured threat intelligence between systems. She needs the protocol that defines how the data is transported, not how it is formatted. Which standard handles transport?

A. TAXII B. STIX C. YARA D. OpenIOC

Question 7

A CTI lead at a healthcare provider compares two commercial offerings before committing budget. She assesses each one's relevance, timeliness, and accuracy. What activity is she performing?

A. Data normalization B. Threat attribution C. Intelligence dissemination D. Feed evaluation

Question 8

A SOC manager at an e-commerce company wants vetted, curated indicators with vendor analyst context and very low false positives. Budget is readily available for the team. Which feed type best meets this need?

A. Open-source feed B. Internal log feed C. Commercial feed D. Community OSINT list

Question 9

A threat intelligence analyst at a financial firm seeks early warning of leaked credentials and attack planning. This chatter occurs in underground criminal forums not indexed by search engines. Which source type provides this visibility?

A. Dark web monitoring B. OSINT search engines C. Internal SIEM logs D. ISAC feeds

Question 10

A SOC engineer at a cloud provider wants to automatically block outbound traffic to known malicious hosts. The control relies on a continuously updated blocklist of bad addresses. Which specialized feed supports this?

A. Vulnerability feed B. IP reputation feed C. Malware sample feed D. Geolocation feed

EC-Council CTIA Module 4.3 Practice Test 002

Related Posts

Leave a Comment Cancel Reply