EC-Council CTIA Module 2.4 Practice Test 002

This practice test covers Module 2 (Cyber Threats and Attack Frameworks) Sub-module 4 (MITRE ATT\&CK and Diamond Model).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 2.4 Practice Test 002

10 questions • Single best answer

Question 1

A SOC analyst at a retail company maps observed adversary behaviors to a knowledge base organized by tactics and techniques across the attack lifecycle. The matrix catalogs real-world TTPs. Which framework is this?

A. Diamond Model B. Cyber Kill Chain C. MITRE ATT&CK D. STRIDE

Question 2

In the framework, 'Credential Access' represents the adversary's goal, while 'Brute Force' is a specific method to achieve it. What is 'Credential Access' an example of?

A. A tactic B. A technique C. An indicator D. A subnet

Question 3

Within that same framework, 'Spearphishing Attachment' describes a specific way adversaries gain initial access. What is this an example of?

A. A tactic B. A victim C. An objective D. A technique

Question 4

A detection team uses the matrix to find gaps in its coverage and prioritize new detections against common adversary techniques. What is this practice called?

A. Encryption B. Coverage gap mapping C. Patching D. Backup

Question 5

An analyst documents an intrusion using a model whose four core features are adversary, capability, infrastructure, and victim. Which model is this?

A. Cyber Kill Chain B. MITRE ATT&CK C. Diamond Model of Intrusion Analysis D. MoSCoW

Question 6

In this intrusion model, the actor conducting the attack occupies one corner. The opposite corner is the target. Which feature represents the attacker?

A. Adversary B. Victim C. Capability D. Infrastructure

Question 7

The model's feature covering the C2 servers, domains, and IPs the attacker uses to deliver capabilities is which one?

A. Adversary B. Victim C. Capability D. Infrastructure

Question 8

The tools, malware, and exploits an adversary employs map to which core feature of the model?

A. Victim B. Capability C. Infrastructure D. Adversary

Question 9

An analyst discovers one malicious domain, then uses it to reveal related samples and other victims connected to the same actor. This analytic technique across the model's features is called what?

A. Patching B. Hashing C. Pivoting D. Sandboxing

Question 10

A team wants a standardized taxonomy of adversary techniques to align detection engineering and threat hunting. Which framework best serves this purpose?

A. Diamond Model B. Pyramid of Pain C. MoSCoW D. MITRE ATT&CK

EC-Council CTIA Module 2.4 Practice Test 002

Related Posts

Leave a Comment Cancel Reply