EC-Council CTIA Module 4.5 Practice Test 001

This practice test covers Module 4 (Data Collection and Processing) Sub-module 5 (Bulk Data Collection).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 4.5 Practice Test 002

10 questions • Single best answer

Question 1

A CTI team at a global bank must continuously acquire millions of records from paste sites, hacker forums, and open IoC repositories every day. Manual analyst collection cannot keep pace with the volume and velocity required. Which collection approach is purpose-built for this scale?

A. Manual copy-and-paste of relevant entries into a tracking spreadsheet B. Bulk data collection using automated crawlers, scrapers, and API ingestion pipelines C. Subscribing to one curated weekly digest from a single commercial vendor D. Pulling only internal endpoint logs into the organization's SIEM

Question 2

After running a bulk crawl across dozens of open threat feeds, an analyst finds the raw dataset is full of duplicate indicators and fields written in inconsistent formats (e.g., mixed date styles and hash types). Which bulk data management activities should be performed before the data is analyzed?

A. Threat attribution and adversary profiling B. Intelligence dissemination to stakeholders C. Deduplication and normalization of the collected records D. Publishing the raw dataset to the public knowledge base

Question 3

A bulk collection pipeline ingests terabytes of mixed threat data each day. To make sure analysts spend their time only on data relevant to the organization's threat profile, what should be applied before analysis?

A. Archive every record indefinitely with no filtering B. Forward all unfiltered data straight to every SOC analyst C. Relevance filtering and tagging driven by the collection plan and intelligence requirements D. A single signature-based IDS rule set applied to all data

Question 4

An MSSP's bulk collection system harvests millions of records from external feeds, and the team is now seeing severe storage and processing delays. Which bulk data management strategy best resolves the performance problem at this scale?

A. Replace automated pipelines with manual analyst collection B. Implement data partitioning, compression, and tiered storage based on data age and relevance C. Cut collection down to a single RSS feed D. Move all collected data into one shared analyst spreadsheet

Question 5

A team is designing storage for a bulk collection system that harvests paste dumps, forum posts, and credential-leak databases, and they need to query and correlate the data efficiently across fields like IP, domain, and hash. Which storage model is most appropriate?

A. Unindexed plain-text flat files in a single directory B. An indexed, structured data store such as a distributed NoSQL or SQL database with schema mapping C. Email attachments forwarded to a shared mailbox D. PDF exports saved to a network drive

Question 6

A CTI lead discovers the bulk collection pipeline is ingesting indiscriminately — advertising data, benign content, and spam are flowing in alongside genuine indicators. What is the most appropriate corrective action?

A. Halt all collection until a full security audit is finished B. Refine the collection plan with tighter source targeting, keyword filters, and relevance criteria C. Forward all collected data to the CISO without filtering D. Replace the pipeline with a single commercial feed subscription

Question 7

During bulk collection, an analyst finds a large share of harvested paste-site data contains personally identifiable information (PII) unrelated to any threat activity. What is the correct course of action?

A. Retain all the PII in case it is useful for future correlation B. Post the PII to the team's internal knowledge base for reference C. Apply data-handling policies to minimize PII retention, redact where required, and escalate to legal or compliance D. Share the PII dataset with external ISAC partners right away

Question 8

A TIP ingests bulk data from 40 feeds, and analysts notice much of the dataset is stale — indicators are months old and no longer relevant. Which bulk data management practice should be implemented?

A. Retain all data forever, since age does not affect intelligence value B. Implement data aging and expiration policies that automatically retire stale indicators using TTL thresholds C. Have analysts manually review every indicator once a year D. Disable all automated feeds and return to manual collection

Question 9

An analyst writes a bulk collection script that pulls indicator objects from multiple TAXII servers in STIX 2.1 format. What is the primary advantage of collecting bulk data in a standardized format like STIX?

A. STIX files are always smaller than CSV and need less storage B. STIX is proprietary to the collecting organization, which prevents unauthorized access C. STIX provides a common structured language enabling automated processing, correlation, and sharing across platforms without custom parsing D. STIX removes the need to deduplicate bulk data

Question 10

A SOC supporting a critical-infrastructure operator wants to stand up a continuous bulk collection capability spanning ISACs, dark web forums, and government advisory portals. Which component is most critical to the program's long-term success?

A. A collection plan defining sources, frequency, data types, and retention aligned to intelligence requirements B. A single high-bandwidth internet connection to maximize download speed C. A large pool of analyst workstations dedicated to reviewing raw bulk data D. A contract that outsources all collection to a third-party provider

EC-Council CTIA Module 4.5 Practice Test 001

Related Posts

Leave a Comment Cancel Reply