EC-Council CTIA Module 6.9 Practice Test 001

This practice test covers Module 6 (Intelligence Reporting and Dissemination) Sub-module 9 (Threat Intelligence Sharing and Collaboration using Python Scripting).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
A government agency's CTI developer writes Python to pull STIX 2.1 indicator bundles from a partner's TAXII 2.1 server. He needs the library purpose-built to connect to TAXII servers. Which library should he use?

Question 2
A CTI engineer must programmatically build and parse STIX 2.1 objects such as indicators and relationships in Python. An analyst asks which library is designed for creating and handling STIX content. Which is correct?

Question 3
A threat hunter writes Python rules to match patterns in malware samples and wants to share these signatures with partner teams. An analyst asks which detection language is typically authored and shared for this purpose. Which is correct?

Question 4
A CTI analyst uses Python with the requests library to call a vendor's REST API and retrieve a JSON feed of malicious IPs. An analyst asks what Python structure most naturally holds the parsed JSON response. Which is correct?

Question 5
A developer automating intelligence sharing wants partners to retrieve indicators on demand from a server his script publishes to. An analyst asks what TAXII concept represents the named container that holds the shared objects. Which is correct?

Question 6
A CTI team schedules a Python script to fetch a feed every hour and append new indicators to their TIP automatically. A manager asks what primary advantage scripting provides over manual sharing. Which answer is most accurate?

Question 7
An engineer wants his Python sharing script to authenticate securely to a partner's TAXII server without hardcoding credentials in the source code. An analyst asks the best practice for handling these secrets. Which is correct?

Question 8
A CTI developer writes Python to normalize indicators from several feeds into a single STIX format before sharing. An analyst asks what processing problem this normalization step primarily solves. Which is correct?

Question 9
A team integrates a Python collaboration script that posts new high-severity indicators to a shared channel so analysts across sites are alerted instantly. An analyst asks what capability this primarily supports. Which is correct?

Question 10
A CTI engineer's script must handle a TAXII server that occasionally returns errors or times out during large pulls. An analyst asks what coding practice keeps the automation resilient. Which answer is most appropriate?
