EC-Council CTIA Module 5.3 Practice Test 002

This practice test covers Module 5 (Data Analysis) Sub-module 3 (Threat Analysis).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
A threat hunting team at a healthcare provider studies an adversary's behavioral patterns, infrastructure, and campaign-level activity to anticipate future campaigns. They focus on understanding the attacker's methods rather than isolated artifacts. Which type of threat intelligence analysis does this describe?

Question 2
An analyst at a financial institution must weigh several conflicting explanations for a series of intrusions without favoring an early assumption. She lists each possible explanation and assesses the evidence against all of them at once. Which analytic technique is she applying?

Question 3
After a prolonged intrusion, an incident response team asks the CTI team to identify which adversary group was responsible based on TTPs, infrastructure, and code similarities. The goal is to name the actor behind the campaign. What process is being performed?

Question 4
A CTI analyst maps an intrusion using a framework whose four core features are adversary, capability, infrastructure, and victim. She uses it to connect related events into a coherent campaign. Which framework is she using?

Question 5
A security architect at a cloud provider systematically identifies potential threats, weaknesses, and attack vectors against a new application before deployment. The aim is to anticipate how it could be compromised. What activity is this?

Question 6
An analyst receives thousands of data items from multiple feeds, many outdated or irrelevant to the organization. Before acting, she confirms each item's accuracy and relevance and ranks them by risk. What is she doing?

Question 7
An intelligence lead prepares a briefing for executives on long-term adversary trends, geopolitical risk, and impact on business planning. The content avoids technical artifacts and focuses on high-level decision support. Which type of intelligence is this?

Question 8
A SOC team supporting an MSSP consumes intelligence about specific malicious IPs, hashes, and domains to update detection rules immediately. The intelligence supports day-to-day defensive operations. Which type of threat intelligence analysis is this?

Question 9
A CTI team wants a more rigorous, matrix-driven method that scores how consistent each piece of evidence is across multiple explanations. They need to reduce analyst bias systematically. Which approach fits?

Question 10
A government agency's CTI team converts processed threat data into meaningful insights by examining adversary capability, intent, and opportunity to support defensive decisions. This transformation produces actionable findings. What is being performed?
