EC-Council CTIA Module 3.3 Practice Test 003

This practice test covers Module 3 (Planning, Direction, and Review) Sub-module 3 (Plan a Threat Intelligence Program).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260628

10 questions • Single best answer

Question 1

A security operations lead at an energy utility defines what the new intelligence program will and will not cover, including which assets and threats are in bounds. What is this boundary-setting activity called?

A. Disseminating intelligence B. Defining the program scope C. Writing indicators of compromise D. Conducting threat hunting

Question 2

Before launch, the team drafts a formal document authorizing the program and stating its objectives, sponsor, and high-level resources. They need its proper name. Which document is this?

A. Analyst runbook B. Incident report C. Sharing agreement D. Project charter

Question 3

An analyst documents the agreed boundaries, permissions, and constraints governing how intelligence activities may be conducted. They need a name for these ground rules. What are they called?

A. Rules of engagement B. Indicators of compromise C. Diamond Model D. Collection feeds

Question 4

The program lead establishes written policies governing data handling, ethics, and acceptable sources before operations begin. A peer asks why. What is the primary purpose of preparing these policies?

A. To guarantee zero breaches B. To replace the SOC team C. To govern how the program operates D. To eliminate requirements analysis

Question 5

Leadership asks what the program will achieve over the next year. The lead presents measurable goals tied to business risk. What are these defined targets called?

A. Indicators of compromise B. Program objectives C. Atomic indicators D. Sharing partners

Question 6

By clearly bounding the program, the lead keeps the team from drifting into unrelated tasks over time. What problem does a well-defined scope primarily prevent?

A. Encryption failures B. Hardware procurement costs C. Regulatory audits D. Scope creep

Question 7

A team sets goals, defines scope, assigns roles, and prepares policies before any collection starts. They label this stage of the effort. Which program phase encompasses these steps?

A. Dissemination B. Incident recovery C. Program planning D. Threat hunting

Question 8

The project charter names an executive who authorizes funding and champions the program across the organization. The lead needs the correct title for this person. What is their role called?

A. Program sponsor B. Threat actor C. Sharing partner D. Incident handler

Question 9

An analyst is unsure whether actively probing an adversary's infrastructure is permitted under the program. Which artifact should clarify what actions are allowed?

A. Pyramid of Pain B. Runbook template C. SIEM dashboard D. Rules of engagement

Question 10

When defining scope, the lead specifies covered assets, threat types, intelligence levels, and stakeholders. A reviewer asks what this section establishes. What does the scope primarily set?

A. The malware sample count B. The program's boundaries and coverage C. The exact attacker identity D. The SIEM vendor choice

EC-Council CTIA Module 3.3 Practice Test 003

Related Posts

Leave a Comment Cancel Reply