Certified Threat Intelligence Analyst (CTIA) — Question 52

Marie, a threat analyst at an organization named TechSavvy, was asked to perform operational threat intelligence analysis to get contextual information about security events and incidents.
Which of the following sources does Marie need to use to perform operational threat intelligence analysis?

Answer options

• A. Attack group reports, attack campaign reports, incident reports, malware samples
• B. Activity-related attacks, social media sources, chat room conversations
• C. OSINT, security industry white papers, human contacts
• D. Malware indicators, network indicators, e-mail indicators

Correct answer: B

Explanation

The correct answer is B because operational threat intelligence analysis focuses on real-time threat information and context, which can be gathered from activity-related attacks, social media, and chat rooms. The other options, while they contain relevant information, are more suited for strategic or tactical intelligence rather than operational analysis.