EC-Council CTIA Module 7.1 Practice Test 002

This practice test covers Module 7 (Threat Hunting and Detection) Sub-module 1 (Threat Hunting Concepts).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
A threat hunter at a managed security service provider is briefing a client on the team's value. He stresses that the team actively searches networks for adversaries that evaded existing defenses, rather than waiting for alerts. Which practice is he describing?

Question 2
An analyst at a healthcare network begins a hunt based on a hypothesis derived from known adversary TTPs mapped to MITRE ATT&CK. The hunt follows a defined methodology rather than a random trigger. Which type of hunting is this?

Question 3
A threat hunter at a retail company initiates a hunt after spotting a single suspicious hash during routine review. The hunt has no predefined hypothesis and follows the indicator wherever it leads. Which type of hunting does this represent?

Question 4
A SOC manager at a bank assesses the team using the Hunting Maturity Model. The team relies solely on automated alerts with no routine data collection or hunting effort. Which maturity level describes this team?

Question 5
A threat hunting team at a cloud provider has just formed a hypothesis about possible lateral movement. They have not yet examined any logs or run queries. According to the Threat Hunting Loop, what should they do next?

Question 6
A CTI-driven hunt team adopts a three-phase methodology beginning with an initiation trigger, moving to hunt execution, and ending with finalization. Threat intelligence is integrated throughout each phase. Which methodology are they using?

Question 7
A hiring manager at a government agency is defining requirements for a threat hunter role. She prioritizes forming hypotheses, examining large volumes of logs, and understanding how attackers operate. Which competency set is most essential for this role?

Question 8
A hunter at a critical-infrastructure operator builds a hypothesis using crown-jewel analysis and internal risk assessments specific to the environment. The hypothesis is not derived from external intelligence feeds. Which hypothesis type is this?

Question 9
A threat hunting team at an insurance firm justifies its budget to leadership. They argue that hunting's main benefit is reducing how long adversaries remain undetected in the environment. Which metric best reflects this benefit?

Question 10
A SOC at a telecom uses intelligence feeds to form starting hypotheses for its hunts from IoCs and TTPs. The team wants to scale repetitive hunts without manual effort. Which approach addresses the scaling need?
