EC-Council CTIA Module 5.6 Practice Test 001

This practice test covers Module 5 (Data Analysis) Sub-module 6 (Threat Intelligence Evaluation).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
A threat intelligence lead at a national energy regulator reviews finished products before releasing them to member utilities. She must judge whether each product meets analytic quality standards. Which set of criteria best evaluates threat intelligence?
Question 2
An analyst links a campaign's malware, infrastructure, and behavior to a known nation-state group, assigning responsibility for the activity to that specific actor. The finding will guide strategic decisions. What is this practice called?
Question 3
A SOC supporting a retail chain receives intelligence about attacks targeting industrial control systems it does not operate. The CTI team must decide whether to act. Which evaluation dimension determines if this intelligence applies to their environment?
Question 4
An MSSP delivers indicators to clients three weeks after a campaign concludes, by which point the data is obsolete and unusable for defense. Which quality dimension did this intelligence fail to satisfy?
Question 5
A threat analyst grades incoming intelligence using a scheme that scores source reliability separately from the credibility of the information itself. She assigns letter and number ratings to each report. Which scale is she most likely applying?
Question 6
After disseminating reports, a CTI program manager gathers stakeholder input on whether the products supported their decisions and where they fell short. He plans to act on the responses. What is the primary purpose of this step?
Question 7
A threat hunter receives IP indicators from an open feed and confirms each against internal telemetry and multiple corroborating sources before use. He wants to avoid acting on bad data. What is the goal of this validation?
Question 8
An intelligence team attributes an attack to a foreign group based solely on the language strings in the malware. A senior analyst warns this evidence can be planted deliberately. What concern does this caution highlight?
Question 9
A CTI report states an assessment is made with 'moderate confidence' because the sourcing is only partially corroborated. A consumer asks why such labels appear in finished products. Why do analysts assign confidence levels to judgments?
Question 10
An analyst decides which indicators to operationalize, prioritizing those that are hardest for adversaries to change, such as their tools and behaviors. She references a model that ranks indicator types by adversary cost. Which model informs this choice?
