312-85 Exam Details

  • Exam Code
    :312-85
  • Exam Name
    :EC-Council Certified Threat Intelligence Analyst (ECTIA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :49 Q&As
  • Last Updated
    :Jul 14, 2026

EC-COUNCIL 312-85 Online Questions & Answers

  • Question 1:

    Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis. While performing data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication and when a request is generated from any name server to the recursive DNS server, the recursive DNS servers log the responses that are received. Then it replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.

    Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data collection?

    A. Data collection through passive DNS monitoring
    B. Data collection through DNS interrogation
    C. Data collection through DNS zone transfer
    D. Data collection through dynamic DNS (DDNS)

  • Question 2:

    Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between two organizations depends on the degree and quality of evidence provided by the first organization.

    Which of the following types of trust model is used by Garry to establish the trust?

    A. Mediated trust
    B. Mandated trust
    C. Direct historical trust
    D. Validated trust

  • Question 3:

    Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header. Connection status and content type Accept-ranges and last-modified information X-powered-by information Web server in use and its version Which of the following tools should the Tyrion use to view header content?

    A. Hydra
    B. AutoShun
    C. Vanguard enforcer
    D. Burp suite

  • Question 4:

    Henry. a threat intelligence analyst at ABC Inc., is working on a threat intelligence program. He was assigned to work on establishing criteria for prioritization of intelligence needs and requirements. Which of the following considerations must be employed by Henry to prioritize intelligence requirements?

    A. Understand frequency and impact of a threat
    B. Understand data reliability
    C. Develop a collection plan
    D. Produce actionable data

  • Question 5:

    Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages: Stage 1: Build asset-based threat profiles Stage 2: Identify infrastructure vulnerabilities Stage 3: Develop security strategy and plans Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

    A. TRIKE
    B. VAST
    C. OCTAVE
    D. DREAD

  • Question 6:

    An attacker instructs bots to use camouflage mechanism to hide his phishing and malware delivery locations in the rapidly changing network of compromised bots. In this particular technique, a single domain name consists of multiple IP addresses.

    Which of the following technique is used by the attacker?

    A. DNS zone transfer
    B. Dynamic DNS
    C. DNS interrogation
    D. Fast-Flux DNS

  • Question 7:

    Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.

    Which of the following online sources should Alice use to gather such information?

    A. Financial services
    B. Social network settings
    C. Hacking forums
    D. Job sites

  • Question 8:

    Tracy works as a CISO in a large multinational company. She consumes threat intelligence to understand the changing trends of cyber security. She requires intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, improvement of processes, and staff. The intelligence helps her in minimizing business risks and protecting the new technology and business initiatives.

    Identify the type of threat intelligence consumer is Tracy.

    A. Tactical users
    B. Strategic users
    C. Operational users
    D. Technical users

  • Question 9:

    Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.

    What stage of the cyber-threat intelligence is Michael currently in?

    A. Unknown unknowns
    B. Unknowns unknown
    C. Known unknowns
    D. Known knowns

  • Question 10:

    Sarah is a security operations center (SOC) analyst working at JW Williams and Sons organization based in Chicago. As a part of security operations, she contacts information providers (sharing partners) for gathering information such as collections of validated and prioritized threat indicators along with a detailed technical analysis of malware samples, botnets, DDoS attack methods, and various other malicious tools. She further used the collected information at the tactical and operational levels.

    Sarah obtained the required information from which of the following types of sharing partner?

    A. Providers of threat data feeds
    B. Providers of threat indicators
    C. Providers of comprehensive cyber-threat intelligence
    D. Providers of threat actors

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-85 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.