Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-85

EC-Council 312-85 Exam Questions
Certified Threat Intelligence Analyst (Page 3 )

Updated On: 12-Apr-2026
Page 3 of 19
PDF with 88 Questions

Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

  1. Sandboxing
  2. Normalization
  3. Data visualization
  4. Convenience sampling

Answer(s): B



Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?

  1. Intelligence related to increased attacks targeting a particular software or operating system vulnerability
  2. Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)
  3. Intelligence extracted latest attacks analysis on similar organizations, which includes details about latest threats and TTPs
  4. Intelligence that reveals risks related to various strategic business decisions

Answer(s): B



Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?

  1. Unknown unknowns
  2. Unknowns unknown
  3. Known unknowns
  4. Known knowns

Answer(s): C



Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis. While performing data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication and when a request is generated from any name server to the recursive DNS server, the recursive DNS servers log the responses that are received. Then it replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data collection?

  1. Data collection through passive DNS monitoring
  2. Data collection through DNS interrogation
  3. Data collection through DNS zone transfer
  4. Data collection through dynamic DNS (DDNS)

Answer(s): A



John, a professional hacker, is trying to perform APT attack on the target organization network. He gains access to a single system of a target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?

  1. Initial intrusion
  2. Search and exfiltration
  3. Expansion
  4. Persistence

Answer(s): C



Viewing page 3 of 19
Viewing questions 11 - 15 out of 88 questions



Post your Comments and Discuss EC-Council 312-85 exam dumps with other Community members:

312-85 Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!