EC-Council CTIA Module 5.5 Practice Test 003

This practice test covers Module 5 (Data Analysis) Sub-module 5 (Fine-Tuning Threat Analysis).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260629

10 questions • Single best answer

Question 1

A managed SOC drowns in low-value alerts and adjusts its detection logic to suppress benign noise while keeping real threats. Leadership asks what this refinement of analysis is called. What is it?

A. Fine-tuning threat analysis B. Bulk data collection C. Dissemination D. Threat attribution

Question 2

An analyst tracks how often the system flags harmless activity as malicious and works to drive that number down. Which metric is being reduced?

A. True positive rate B. False positive rate C. Network throughput D. Storage capacity

Question 3

A CTI lead warns that overly aggressive tuning can cause the system to miss genuine attacks entirely. Which error is the team risking when real threats go undetected?

A. False positive B. Buffer overflow C. Memory leak D. False negative

Question 4

A SOC engineer scripts the enrichment, scoring, and triage of incoming indicators so analysts only review high-value cases. Leadership asks the main benefit of automating these analysis tasks. What is it?

A. It removes the need for any data B. It guarantees perfect attribution C. It frees analysts for higher-value work D. It deletes all historical alerts

Question 5

An analyst periodically reviews which detection rules fire usefully and retires those that no longer match current adversary behavior. Leadership asks why this ongoing review matters. What is the reason?

A. Threats and environments change over time B. Rules never need updating C. Storage must always increase D. Analysts must stop using tools

Question 6

A CTI team adjusts alert thresholds and adds context filters so only indicators relevant to their industry trigger investigation. Which goal does this tuning most directly serve?

A. Improving signal-to-noise ratio B. Increasing electricity usage C. Maximizing raw alert volume D. Slowing the analysts down

Question 7

An analyst incorporates feedback from incident responders about which alerts proved useful and uses it to refine future analysis. Which lifecycle element drives this continuous improvement?

A. Cable management B. Feedback loop C. Disk imaging D. Badge access

Question 8

A financial CTI team scores each indicator by confidence and decays the score as the indicator ages. Leadership asks why aging indicators receive lower scores. What is the reason?

A. Older indicators cost more to store B. Older indicators are always encrypted C. Older indicators lose relevance over time D. Older indicators cannot be parsed

Question 9

A SOC integrates machine-learning models that adapt detection based on observed outcomes, reducing repetitive manual tuning. Which capability are they applying to fine-tune analysis?

A. Adaptive automation B. Manual recordkeeping C. Physical surveillance D. Paper checklists

Question 10

A CTI manager balances tuning so the team neither chases endless noise nor misses real attacks. Leadership asks what core trade-off fine-tuning must manage. What is it?

A. Color versus font choice B. Cost versus office space C. Upload versus download speed D. False positives versus false negatives

EC-Council CTIA Module 5.5 Practice Test 003

Related Posts

Leave a Comment Cancel Reply