Cyber Threat Intelligence (CTI) is primarily focused on understanding the tactics, techniques, and
procedures (TTPs) used by adversaries. The goal is to gain insights into:
- Attack Patterns: How cybercriminals or threat actors operate.
- Indicators of Compromise (IOCs): Data related to attacks, such as IP addresses or domain names.
- Threat Actor Profiles: Understanding motives and methods.
- Operational Threat Hunting: Using intelligence to proactively search for threats in an environment.
- Decision Support: Assisting SOC teams and management in making informed security decisions.
Other options analysis:
A. Performing root cause analysis for cyber attacks: While CTI can inform such analysis, it is not the
primary purpose.
B. Configuring SIEM systems and endpoints: CTI can support configuration, but that is not its main
function.
C. Recommending best practices for database security: CTI focuses on threat analysis rather than
specific security configurations.
CCOA Official Review Manual, 1st Edition Reference:
- Chapter 6: Threat Intelligence and Analysis: Explains how CTI is used to reveal adversarial TTPs.
- Chapter 9: Threat Intelligence in Incident Response: Highlights how CTI helps identify emerging
  threats.