EC-Council CTIA Module 2.1 Practice Test 001

This practice test covers Module 2 (Cyber Threats and Attack Frameworks) Sub-module 1 (Cyber Threats).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 2.1 Practice Test 001

10 questions • Single best answer

Question 1

A CTI lead at a federal government agency reviews intelligence about an intrusion campaign targeting defense contractors over 18 months. The attackers used custom malware, zero-day exploits, and operated with extreme patience and stealth. Which threat actor category most accurately describes this adversary?

A. Script kiddie relying on publicly available exploit kits without advanced technical capability B. Nation-state threat actor conducting espionage operations with significant resources and long-term strategic objectives C. Hacktivist group motivated by political activism and social grievance D. Cybercriminal organization conducting financially motivated ransomware campaigns

Question 2

An analyst at a telecommunications company is categorizing threats for her risk register. She distinguishes threat actors with formal training, coordinated objectives, and purpose-built tools from those acting alone without technical skills who use downloaded exploit kits. Which pair of threat categories does this distinction represent?

A. Internal and external threats B. Structured and unstructured threats C. Targeted and opportunistic threats D. Active and passive threat actors

Question 3

A healthcare organization's security team discovers that a privileged employee has been exfiltrating patient records to an external cloud storage account for several months. The individual used legitimate credentials and bypassed perimeter controls entirely. Which threat category best describes this incident?

A. Structured external threat from a well-resourced nation-state actor B. Insider threat — a malicious internal actor abusing authorized access C. Unstructured external threat from a script kiddie exploiting a known vulnerability D. Advanced persistent threat using zero-day exploits and custom implants

Question 4

A CTI analyst is briefing a financial institution's board on threat actor motivations. She explains that cybercriminal groups pursue a primary objective that distinguishes them from nation-state actors and hacktivists. Which objective most distinctly characterizes cybercriminal threat actors?

A. Long-term strategic espionage targeting government intellectual property B. Ideological disruption and public embarrassment of targeted organizations C. Financial gain through ransomware, fraud, data theft, and extortion D. Geopolitical influence through critical infrastructure disruption

Question 5

An incident response team at a major airline investigates an attack in which perpetrators defaced the company's website and published internal documents to expose alleged unethical labor practices. The attackers claimed responsibility publicly through social media. Which threat actor category best fits this profile?

A. Cybercriminal organization seeking financial gain through extortion and data ransoming B. Hacktivist group using cyberattacks to advance a political or social agenda C. Nation-state actor conducting economic espionage against the aviation sector D. Insider threat acting in response to a personal employment grievance

Question 6

A CTI team at a regional bank identifies a pattern of opportunistic attacks exploiting an unpatched vulnerability using a freely available exploit framework. The attacker showed no ability to pivot further when initial access was limited and left distinctive, unsophisticated artifacts. Which threat actor classification best describes this adversary?

A. Advanced persistent threat actor with sophisticated custom tooling and long-term campaign objectives B. Nation-state actor conducting long-term strategic reconnaissance against financial targets C. Script kiddie — a low-skill attacker using pre-existing tools without deep technical understanding D. Hacktivist motivated by political or ideological objectives against the financial sector

Question 7

A manufacturing company's CTI program manager is classifying threats for the annual threat landscape assessment. The team differentiates threats originating from the organization's own employees and contractors from those originating from outside the enterprise perimeter. Which threat classification framework aligns with this approach?

A. Structured versus unstructured threat classification B. Internal versus external threat classification C. Tactical versus strategic threat classification D. Active versus passive threat classification

Question 8

A CTI analyst supporting a water utility is mapping threat actors targeting critical infrastructure. One category of adversary specifically aims to cause physical disruption, instill fear in civilian populations, or pressure governments by attacking essential services. Which threat category best describes this attacker?

A. Cybercriminal pursuing financial gain through ransomware against operational technology systems B. Cyberterrorist seeking to disrupt critical infrastructure to cause fear or coerce a government C. Hacktivist pursuing reputational damage through website defacement and document disclosure D. Script kiddie conducting opportunistic attacks against accessible internet-exposed systems

Question 9

A CTI team is documenting motivations behind a threat actor who systematically targeted research universities, defense contractors, and technology companies to acquire advanced manufacturing process data. The campaign used spear-phishing and long-term persistence implants. Which objective is this adversary most clearly pursuing?

A. Financial gain through ransom demands and data extortion targeting high-value organizations B. Political activism and public embarrassment of defense and technology companies C. Espionage — acquiring intellectual property to benefit a nation-state's economic or military programs D. Service disruption to impair business operations across the industrial sector

Question 10

An MSSP analyst is briefing a new enterprise client on threat categories they should prioritize. The client asks which category represents the highest degree of technical sophistication, greatest patience, and the most serious threat to crown-jewel assets over an extended period. Which category best answers this question?

A. Unstructured threats from script kiddies exploiting commodity vulnerability scanners B. Hacktivists conducting targeted campaigns against organizations associated with their cause C. Advanced persistent threats — sophisticated, well-resourced actors conducting long-duration targeted operations against high-value assets D. Insider threats from disgruntled employees with limited technical capability and opportunistic access

EC-Council CTIA Module 2.1 Practice Test 001

Related Posts

Leave a Comment Cancel Reply