EC-Council CTIA Module 6.7 Practice Test 001

This practice test covers Module 6 (Intelligence Reporting and Dissemination) Sub-module 7 (Intelligence Sharing Acts and Regulations).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 6.7 Practice Test 001

10 questions • Single best answer

Question 1

A CTI lead at a U.S. energy company wants to share threat indicators with the federal government. She references a U.S. law that provides liability protection for private companies sharing cybersecurity threat indicators with the government. Which legislation provides this protection?

A. Health Insurance Portability and Accountability Act (HIPAA) B. Cybersecurity Information Sharing Act (CISA 2015) C. Sarbanes-Oxley Act (SOX) D. Computer Fraud and Abuse Act (CFAA)

Question 2

A European CTI team wants to share threat intelligence that includes IP addresses of suspected threat actors with U.S.-based sector partners. They must ensure the sharing complies with EU data protection law. Which regulation governs this cross-border personal data transfer?

A. Cybersecurity Information Sharing Act (CISA 2015) B. General Data Protection Regulation (GDPR) C. Federal Information Security Management Act (FISMA) D. Payment Card Industry Data Security Standard (PCI DSS)

Question 3

A CTI analyst at a U.S. Defense Industrial Base (DIB) company receives a mandatory cybersecurity reporting requirement from the Department of Defense. The regulation requires timely reporting of cyber incidents and sharing of associated indicators. Which framework imposes this requirement on DIB contractors?

A. NIST Cybersecurity Framework (CSF) B. DFARS Clause 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) C. ISO 27001 D. SOC 2 Type II

Question 4

A CTI team shares threat indicators with government partners under CISA 2015. The law requires that before sharing, the organization must scrub the indicators of any information that is not directly related to a cybersecurity threat. What is this requirement called?

A. TLP marking assignment B. Privacy scrubbing or removal of personally identifiable information (PII) unrelated to the threat C. Source reliability assessment D. Intelligence confidence calibration

Question 5

A CTI team at an EU-based financial institution discovers a cyberattack and needs to report it under the Network and Information Security Directive. The attack affected essential services. Which regulation imposes mandatory cyber incident reporting obligations on EU operators of essential services?

A. GDPR Article 83 B. NIS Directive (Directive on Security of Network and Information Systems) C. HIPAA Breach Notification Rule D. PCI DSS Requirement 12.10

Question 6

A CTI analyst preparing to share threat intelligence across international borders must consider whether the receiving country has been granted 'adequacy' status by the European Commission. What does adequacy status mean in the context of GDPR?

A. The receiving country uses the same threat intelligence platform as the EU organization B. The European Commission has determined that the receiving country provides a level of data protection essentially equivalent to EU standards C. The receiving country is a NATO member and therefore exempt from all GDPR requirements D. The receiving country has agreed to use TLP markings on all shared intelligence

Question 7

A CTI team member encounters a potential legal issue: the indicators they want to share include IP addresses that could identify individuals, making them potentially personal data under GDPR. The team's legal counsel advises them to apply a legitimate basis for processing. Which GDPR provision is most relevant to CTI data processing for security purposes?

A. GDPR Article 6(1)(f) — Legitimate interests in security-related data processing B. GDPR Article 17 — Right to erasure C. GDPR Article 20 — Right to data portability D. GDPR Article 83 — Fine structure

Question 8

A CTI team discovers that threat indicators they received from a partner contain data that appears to violate GDPR because it includes excessive personal data beyond what is necessary for the threat intelligence purpose. What GDPR principle has been violated?

A. Purpose limitation B. Data minimization C. Storage limitation D. Integrity and confidentiality

Question 9

A CTI analyst at a U.S.-based financial institution wants to participate in the Financial Sector Cybersecurity Operations Center (FS-ISAC) automated sharing program. The program is authorized under U.S. federal law to facilitate financial sector cyber threat sharing. What legal framework most directly enables this participation?

A. Sarbanes-Oxley Act Section 404 B. CISA 2015 and Financial Services Modernization Act provisions supporting sector information sharing C. FISMA requirements for federal agency systems D. Payment Card Industry Data Security Standard (PCI DSS)

Question 10

A CTI team lead is reviewing the organization's intelligence sharing agreements before participating in a new international sector sharing group. She specifically checks whether the agreements address antitrust concerns. Why are antitrust considerations relevant to intelligence sharing?

A. Sharing threat intelligence may violate patent laws B. Without legal protections, sharing competitive intelligence alongside threat data could expose organizations to antitrust liability C. Antitrust laws prohibit all forms of data sharing between competitors D. Intelligence sharing is always exempt from antitrust laws

EC-Council CTIA Module 6.7 Practice Test 001

Related Posts

Leave a Comment Cancel Reply