EC-Council CTIA Module 4.4 Practice Test 001

This practice test covers Module 4 (Data Collection and Processing) Sub-module 4 (Threat Intelligence Data Collection and Acquisition).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
A CTI team lead at an e-commerce company is mapping the organization's data collection capabilities. She needs to classify intelligence derived from publicly available internet sources such as social media, forums, and news sites. Which collection discipline describes this method?

Question 2
A threat intelligence analyst needs to identify subdomains, mail server records, and zone transfer vulnerabilities associated with a suspected threat actor's infrastructure. Which data collection technique directly supports this goal?

Question 3
An analyst wants to collect metadata, directory structure information, and technology stack details from a threat actor's public-facing website without triggering intrusion detection alerts. Which collection technique is most appropriate?

Question 4
A SOC team receives a phishing email suspected to originate from a nation-state actor. An analyst examines the email headers to trace routing hops, originating IP addresses, and mail server relay chains. This activity is an example of which threat data collection technique?

Question 5
A threat intelligence analyst wants to automate the retrieval of IoC data from multiple vendor REST APIs, deduplicate entries, and output structured JSON for ingestion into the team's TIP. Which approach best supports scalable, repeatable data acquisition?

Question 6
A CTI analyst at an MSSP needs to map the digital footprint of a vendor flagged in an alert. She runs a tool that automatically correlates domain names, IP addresses, email addresses, and social profiles into a visual link graph for adversary profiling. Which type of tool is she using?

Question 7
An incident response team asks the CTI team to collect IoC data generated within the organization's own environment, including endpoint alerts, firewall logs, and EDR telemetry from an active intrusion. Which source category does this represent?

Question 8
A CTI analyst uses advanced search operators in a public search engine to discover exposed configuration files, unsecured login pages, and database error messages linked to infrastructure associated with a ransomware group. This technique is commonly known as what?

Question 9
A government CTI team embeds an analyst to monitor and participate in a closed threat actor forum, gathering adversary intentions, planned targets, and attack timelines. This collection activity — designed to penetrate adversary operations — is classified under which discipline?

Question 10
A threat intelligence team receives a malware sample attributed to an APT group. After detonating it in a sandbox, they extract C2 server addresses, persistence mechanisms, and behavioral signatures. This process is best described as which threat data collection method?
