EC-Council CTIA Module 5.4 Practice Test 001

This practice test covers Module 5 (Data Analysis) Sub-module 4 (Threat Analysis Process).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 5.4 Practice Test 001

10 questions • Single best answer

Question 1

A CTI team begins a structured threat analysis by first identifying critical organizational assets, then assessing which threat actors are relevant, and finally evaluating the likely impact of attack scenarios. Which step should occur first in the threat analysis process?

A. Identifying and prioritizing the organization's critical assets and threat surface B. Publishing an intelligence report to executive leadership C. Deploying new SIEM detection signatures D. Subscribing to additional threat intelligence feeds

Question 2

A CTI analyst applies the STRIDE threat modeling methodology to assess threats against a new cloud-based application. She categorizes threats as Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. STRIDE is an example of which type of tool used in the threat analysis process?

A. A vulnerability scoring framework B. A threat modeling methodology C. A bulk data collection technique D. An intelligence sharing standard

Question 3

A threat analyst uses the Diamond Model to analyze a nation-state intrusion. She maps the adversary (APT group), capability (custom malware), infrastructure (C2 domains), and victim (energy company). Which aspect of the Diamond Model does this represent?

A. The four core features of an intrusion event B. The four phases of the Cyber Kill Chain C. The four layers of defense-in-depth architecture D. The four intelligence types: strategic, operational, tactical, and technical

Question 4

A CTI analyst uses the PASTA (Process for Attack Simulation and Threat Analysis) methodology to assess threats against a financial payment application. PASTA involves seven stages culminating in attack simulations. What category does PASTA belong to in the threat analysis process?

A. A data processing technique B. A risk-centric threat modeling methodology C. A network penetration testing framework D. An intelligence dissemination standard

Question 5

A CTI analyst uses the Diamond Model to identify relationships between observed C2 infrastructure and multiple victim organizations. She discovers that two seemingly unrelated incidents share the same adversary infrastructure, linking them to the same threat campaign. What does this Diamond Model application demonstrate?

A. The model was used to score indicator severity using CVSS B. Activity thread analysis — pivoting on infrastructure to connect related intrusion events C. The model was used to determine which threat feed to subscribe to D. The model generated automated detection rules for the SIEM

Question 6

After completing a threat analysis using the Cyber Kill Chain, a CTI analyst maps defensive controls to each phase of the chain. She identifies that the organization has strong detection at the Exploitation phase but has no visibility into the Reconnaissance or Weaponization phases. What is the primary benefit of this kill chain-based gap analysis?

A. It reveals where the organization's defenses are weakest along the adversary's attack progression B. It determines which threat intelligence feeds should be purchased C. It provides a complete malware reverse engineering methodology D. It automates incident response workflows across all attack phases

Question 7

A CTI analyst at a manufacturing company uses TRIKE methodology to assess threats. TRIKE uses a requirements model and a risk model to define acceptable risk and generate threat lists. What characteristic distinguishes TRIKE from STRIDE in threat modeling?

A. TRIKE is used exclusively for cloud environments while STRIDE applies only to on-premises systems B. TRIKE focuses on defining acceptable risk thresholds and generating actor-centric threat lists, while STRIDE categorizes threats by type against system components C. TRIKE automatically generates SIEM detection rules; STRIDE does not D. TRIKE is exclusively a statistical technique; STRIDE is qualitative only

Question 8

A CTI analyst models an adversary campaign using the Diamond Model and notices that the adversary is using commodity malware (capability) but operating through a bulletproof hosting provider (infrastructure). She pivots on the infrastructure feature. What analytical value does this pivot provide?

A. It reveals the specific programming language the malware was written in B. It may identify other adversary groups or campaigns using the same hosting infrastructure C. It automatically generates incident response playbooks for the campaign D. It determines the financial value of the targeted organization's assets

Question 9

A CTI team uses MITRE ATT&CK in the threat analysis process to map observed adversary behaviors to a standardized taxonomy. An analyst identifies that the attacker used spear-phishing links (T1566.002), PowerShell execution (T1059.001), and credential dumping via LSASS (T1003.001). What does this ATT&CK mapping enable?

A. A financial risk calculation for the affected assets B. Standardized TTP documentation enabling coverage gap assessment, detection engineering, and sharing C. Automatic attribution to a specific nation-state group D. A complete procurement plan for new security tools

Question 10

A CTI analyst conducts threat analysis for a healthcare organization and follows a structured process: (1) define analysis objectives, (2) identify relevant threat actors, (3) assess actor capabilities and intent, (4) model attack scenarios, (5) evaluate organizational exposure, and (6) produce intelligence findings. This sequence reflects what analytical discipline?

A. Ad-hoc reactive threat analysis B. Structured threat analysis process aligned to intelligence requirements C. Penetration testing methodology D. Security audit and compliance review

EC-Council CTIA Module 5.4 Practice Test 001

Related Posts

Leave a Comment Cancel Reply