EC-Council CTIA Module 5.4 Practice Test 002

This practice test covers Module 5 (Data Analysis) Sub-module 4 (Threat Analysis Process).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
A threat hunter at a healthcare provider begins examining a newly collected dataset on a suspected intrusion. Before correlating any artifacts, the team must establish what the analysis is meant to accomplish. What is the first step of the threat analysis process?

Question 2
An analyst at a cloud services firm is modeling threats against a new web application. The team wants a methodology that classifies threats into spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. Which threat modeling methodology fits this need?

Question 3
A CTI team applies the Diamond Model framework to structure analysis of an ongoing campaign. They map the relationships among the attacker, the target, and the resources leveraged during intrusions. Which four core features define this model?

Question 4
An analyst at a financial institution receives hundreds of indicators from multiple feeds. Many appear outdated or irrelevant to the organization's environment. What should the analyst do before acting on them?

Question 5
A threat analyst faces several plausible explanations for a series of intrusions and wants to avoid confirmation bias. She lists each possible explanation and weighs the available evidence against all of them systematically. Which analytical technique is she applying?

Question 6
After analyzing TTPs, infrastructure overlaps, and code similarities, a CTI team links a campaign to a known state-sponsored group. Leadership asks what to call this process of identifying the responsible actor. Which term describes it?

Question 7
A risk management team wants a threat modeling approach that aligns technical analysis with business impact across seven defined stages. They prefer a risk-centric, attacker-simulation methodology. Which methodology should they choose?

Question 8
While investigating an alert, an analyst at an MSSP discovers a malicious domain. She uses it to uncover related infrastructure and additional victims. This analytic movement across connected elements within the Diamond Model is known as what?

Question 9
A CTI lead reviews the quality of intelligence produced by the team before it informs decisions. He checks whether each product is accurate, relevant, timely, and actionable. What activity is he performing?

Question 10
An analyst examines large volumes of network telemetry to detect anomalies by computing baselines, means, and deviations. The team relies on quantitative methods rather than expert judgment alone. Which type of analysis is being used?
