EC-Council CTIA Module 5.2 Practice Test 002

This practice test covers Module 5 (Data Analysis) Sub-module 2 (Data Analysis Techniques).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
A CTI team at a telecommunications provider studies adversary motivations and intent using narrative observations rather than numeric measurement. The findings rely on interpreting context, behavior, and themes instead of counts. Which analysis type is being applied?

Question 2
An analyst measures the frequency of malware detections across thousands of endpoints and expresses results as counts and percentages. The approach depends on numeric values and measurable variables. Which technique does this represent?

Question 3
A financial-sector CTI team applies mathematical models to large datasets to find trends, correlations, and probabilities among observed events. They rely on measures such as mean, variance, and distribution. Which method are they using?

Question 4
Facing several plausible explanations for an intrusion, an analyst lists each one and systematically scores the evidence against all of them at once. The aim is to find the explanation with the least disconfirming evidence. Which technique is this?

Question 5
A CTI lead adopts a structured method specifically to counter confirmation bias when evaluating intrusion explanations. The technique forces analysts to weigh evidence against every hypothesis rather than a favored one. What is the primary benefit?

Question 6
An intelligence group scales hypothesis testing across many analysts using a software-supported, matrix-driven extension of ACH. The variant handles large evidence sets and collaborative input. Which approach is described?

Question 7
An analyst summarizes what already happened across past incidents, reporting counts and patterns of historical events without forecasting. The output describes the prior and current state of the data. Which type of data analysis is this?

Question 8
A cloud-security CTI team builds models on historical telemetry to forecast the likelihood of future attack attempts. The analysis estimates what is most likely to happen next. Which analysis type applies?

Question 9
A government CTI unit standardizes its reasoning with externalized, step-by-step methods that make judgments transparent and repeatable. These methods document assumptions and reduce reliance on intuition. What category do they belong to?

Question 10
An incident response team asks the CTI group to pick a method for a contentious case with multiple viable adversary theories and conflicting evidence. They want rigor in comparing all theories at once. Which technique best fits?
