EC-Council CTIA Module 4.7 Practice Test 002

This practice test covers Module 4 (Data Collection and Processing) Sub-module 7 (Threat Data Collection and Enrichment in Cloud Environments).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
A cloud security engineer at a SaaS company wants to gather threat data straight from the provider's logging service. The team needs a record of every API call and account activity across the environment. Which native source captures this?

Question 2
A CTI team ingests raw IP indicators from a cloud feed and appends geolocation, ASN, and reputation context. The added context sharpens analyst decision-making during triage. Which process does this describe?

Question 3
An analyst collects threat data from several cloud platforms, each using different field names and formats. Before correlation, the inputs must be converted into one consistent schema. Which step achieves this?

Question 4
A threat intelligence team faces overwhelming volumes of cloud telemetry and cannot process all of it. They select a representative subset for analysis to keep the workload manageable. Which technique are they applying?

Question 5
A CTI analyst must gather security telemetry from a multi-cloud deployment without installing agents on every workload. The approach should fit cloud-native architectures. Which option works best?

Question 6
A SOC supporting a cloud-hosted application gathers indicators from its own trail and flow logs rather than vendor feeds. The data originates entirely from the organization's own systems. What type of collection is this?

Question 7
An analyst supplements internal cloud logs with commercial threat feeds and ISAC bulletins to broaden coverage. These inputs originate outside the organization. What type of source is being used?

Question 8
A CTI team wants centralized visibility into cloud app usage and threats across many SaaS services. They need monitoring with policy enforcement at the cloud-app layer. Which tool category fits?

Question 9
An organization configures automated pipelines that continuously pull large volumes of logs from cloud storage and streaming services into a data lake. The goal is wide capture for later analysis. Which method does this describe?

Question 10
While collecting threat data in IaaS, the customer can access OS and application logs while the provider controls the hypervisor layer. These boundaries shape what data each party can gather. Which cloud principle defines them?
