EC-Council CTIA Module 8.2 Practice Test 001

This practice test covers Module 8 (Threat Intelligence in SOC Operations, Incident Response, and Risk Management) Sub-module 2 (Threat Intelligence in Risk Management).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 8.2 Practice Test 001

10 questions • Single best answer

Question 1

A risk manager at an energy company wants to improve the accuracy of the organization's cyber risk assessments. She asks the CTI team to provide intelligence that replaces generic threat likelihood assumptions with evidence-based assessments. How does threat intelligence improve risk management processes?

A. It eliminates the need for risk assessments by predicting all future threats B. It replaces qualitative likelihood assumptions with evidence-based threat actor capability and intent assessments C. It automates all risk treatment decisions without human review D. It reduces the number of assets that need to be protected

Question 2

A CTI team provides risk managers with intelligence identifying that a financially motivated threat actor specifically targets organizations of the company's size, sector, and revenue profile using ransomware-as-a-service tools. How should this intelligence influence the risk management process?

A. The risk team should dismiss this intelligence because it does not name a specific attack date B. The intelligence should increase the assessed likelihood of ransomware risk and prioritize controls addressing the identified actor's attack patterns C. The risk team should accept the risk and take no action since prevention is impossible D. The intelligence should be used only for executive awareness briefings, not risk management decisions

Question 3

A risk manager uses threat intelligence to conduct a threat landscape mapping exercise for a healthcare organization's risk register. She identifies that data exfiltration by insider threats is a high-probability, high-impact scenario based on current intelligence. This mapping exercise enables what risk management activity?

A. Automatically patching all vulnerable systems B. Prioritized risk treatment planning targeting the highest-probability, highest-impact threat scenarios C. Eliminating the need for a formal risk register D. Generating a compliance attestation for HIPAA auditors

Question 4

A CTI analyst produces an intelligence report on adversary targeting trends for the financial sector. The CRO (Chief Risk Officer) uses this report to adjust the organization's cyber risk tolerance and update the enterprise risk framework. This use of threat intelligence demonstrates what integration?

A. Threat intelligence integration with SOC alert triage B. Threat intelligence integration with enterprise risk governance and strategic risk decision-making C. Threat intelligence integration with firewall rule management D. Threat intelligence integration with patch management prioritization

Question 5

A CTI team provides intelligence about the probability that a specific ransomware group will target the organization based on sector, size, and recent victimology analysis. The risk team uses this probability in a quantitative cyber risk model. What does incorporating this probability enable?

A. Elimination of residual risk from the risk model B. More accurate calculation of annualized loss expectancy (ALE) and better-informed risk investment decisions C. Automatic cyber insurance policy renewal D. Removal of the organization from the threat actor's target list

Question 6

A risk team conducts an annual cyber risk assessment using a generic industry threat list. A CTI analyst reviews the assessment and notes that several high-probability threats specific to the organization's sector and technology stack are missing, while several low-probability generic threats are over-weighted. What does this evaluation reveal?

A. The risk assessment is appropriately comprehensive and no changes are needed B. The risk assessment lacks specific threat intelligence integration, resulting in misaligned risk prioritization C. The CTI team should stop providing intelligence to the risk team D. The risk assessment should be replaced with a SIEM-based detection report

Question 7

A CTI team provides the risk management team with a heat map showing the likelihood and impact of 15 threat scenarios based on current intelligence. The risk manager uses this to focus the annual control investment plan. This mapping is an example of what intelligence-risk management application?

A. Threat-informed risk scenario prioritization for control investment planning B. Generating a technical IoC list for the SOC C. Creating a data collection plan for the next intelligence cycle D. Automating detection rule deployment to the SIEM

Question 8

After a threat intelligence briefing about an emerging supply chain attack vector, an organization's risk committee decides to accept the risk rather than invest in additional controls. The CTI analyst documents the accepted risk and the intelligence basis for the committee's decision. Why is documenting the intelligence basis for risk acceptance important?

A. It fulfills a CTI report production quota B. It creates an auditable record showing the risk decision was informed by specific intelligence, supporting accountability and future reassessment C. It enables the CTI team to share the accepted risk with external partners D. It prevents any future discussion of the accepted risk

Question 9

A CTI analyst explains to a risk manager how threat intelligence should be refreshed periodically to keep risk assessments current. A risk assessment conducted 18 months ago identified APT41 as the primary threat actor. Current intelligence shows APT41 has significantly expanded its tooling and now targets a new industry vertical relevant to the organization. What does this intelligence update require?

A. No action — risk assessments are valid for 3 years regardless of threat actor evolution B. A risk assessment refresh incorporating the updated threat actor capability and expanded targeting intelligence C. Immediately dismissing all previous risk findings as invalid D. Removing APT41 from the threat register since they have expanded to new industries

Question 10

A CTI team produces a quarterly threat intelligence report specifically designed for the enterprise risk management function. The report includes adversary capability assessments, sector victimology trends, and emerging threat vectors with likelihood ratings calibrated to the organization's profile. This product type is best described as what?

A. A tactical IoC report for SOC detection deployment B. A strategic intelligence product tailored for enterprise risk management C. A raw indicator feed for SIEM ingestion D. A technical vulnerability disclosure report

EC-Council CTIA Module 8.2 Practice Test 001

Related Posts

Leave a Comment Cancel Reply