EC-Council CTIA Module 5.8 Practice Test 002

This practice test covers Module 5 (Data Analysis) Sub-module 8 (Threat Intelligence Tools).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 5.8 Practice Test 002

10 questions • Single best answer

Question 1

A threat hunter at a regional hospital network is investigating a phishing campaign. She wants to visually map the relationships among domains, IP addresses, and sender accounts. Which tool best supports this graphical link analysis?

A. Wireshark B. Nessus C. Maltego D. Splunk

Question 2

A SOC analyst at an MSSP needs a platform to store, correlate, and share indicators of compromise across client communities. The team wants structured IoC sharing with built-in taxonomies. Which tool fits this need?

A. MISP B. Maltego C. Nessus D. Metasploit

Question 3

A CTI analyst at an energy utility wants to visualize which adversary techniques the organization can currently detect. She needs to layer detection coverage onto the adversary technique matrix. Which tool is most appropriate?

A. OpenCTI B. Maltego C. YARA D. ATT&CK Navigator

Question 4

A malware analyst at a financial services firm wants to write pattern-based rules to identify and classify malware families across samples. The rules rely on textual and binary signatures. Which tool enables this?

A. Snort B. YARA C. Maltego D. MISP

Question 5

An intelligence analyst is weighing several explanations for who conducted an intrusion. She wants a structured method that evaluates each explanation against all available evidence to reduce bias. Which technique should she apply?

A. Analysis of Competing Hypotheses B. Brainstorming C. Pyramid of Pain D. Cyber Kill Chain

Question 6

A CTI team wants an open-source platform to structure and store threat knowledge, linking observables, threat actors, and TTPs in one knowledge base. They require STIX 2 support. Which tool fits?

A. Wireshark B. Nessus C. Maltego D. OpenCTI

Question 7

An analyst at a retail enterprise wants a commercial platform that aggregates external feeds and assigns risk scores to indicators in real time. The team values automated context and analytics. Which tool fits?

A. Maltego B. Recorded Future C. YARA D. Nmap

Question 8

An analyst wants to rank indicators by how much difficulty they impose on adversaries when blocked, valuing TTPs over hash values. Which model guides this prioritization? It orders indicators by adversary cost.

A. Diamond Model B. Cyber Kill Chain C. Pyramid of Pain D. MoSCoW Method

Question 9

A government CERT analyst is determining the nation-state group likely behind a sustained campaign by correlating TTPs, infrastructure, and malware. This process of identifying the responsible adversary is known as what?

A. Threat attribution B. Threat hunting C. Data sampling D. Dissemination

Question 10

A CTI lead wants a central repository where analysts store and retrieve past intelligence, adversary profiles, and lessons learned for reuse. The goal is consistent reference across the team. What is this repository called?

A. Runbook B. SIEM C. Threat feed D. Threat knowledge base

EC-Council CTIA Module 5.8 Practice Test 002

Related Posts

Leave a Comment Cancel Reply