EC-Council CTIA Module 5.4 Practice Test 003

This practice test covers Module 5 (Data Analysis) Sub-module 4 (Threat Analysis Process).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260629

10 questions • Single best answer

Question 1

An incident response team asks the CTI group to begin threat analysis by first clarifying exactly what questions the analysis must answer. Which initial step of the threat analysis process is this?

A. Disseminating the final report B. Defining the analysis objectives C. Archiving old logs D. Decommissioning sensors

Question 2

After gathering relevant data, a CTI analyst examines it to identify patterns, draw inferences, and reach conclusions about the threat. Which phase of the threat analysis process is this?

A. Collection tasking B. Requirement setting C. Sensor deployment D. Data examination and interpretation

Question 3

A CTI team uses the Diamond Model to pivot from a known malicious domain to discover other victims sharing that infrastructure. Which Diamond Model feature enables this pivoting?

A. Analytic pivoting across vertices B. Disk defragmentation C. Password rotation D. Cable management

Question 4

Before acting on findings, an analyst checks each indicator to confirm it is accurate, current, and not a false positive. Which step of the threat analysis process is this?

A. Report formatting B. Indicator validation C. Budget approval D. Sensor calibration

Question 5

With limited resources, a CTI lead must decide which validated indicators warrant action first based on severity and relevance. Which analytic step addresses this ordering?

A. Prioritization of indicators B. Data encryption C. Cable labeling D. License renewal

Question 6

An analyst building a threat model lists potential adversaries, entry points, and assets, then ranks scenarios by likelihood and impact. Leadership asks the main purpose of threat modeling. What is it?

A. To purchase new hardware B. To replace the firewall C. To recolor dashboards D. To identify and prioritize likely threats

Question 7

A CTI analyst assigns a likelihood label such as 'highly likely' to a conclusion and records the supporting evidence. Leadership asks what this label communicates. What does it express?

A. The analyst's confidence in the judgment B. The size of the dataset C. The cost of the tools D. The number of analysts

Question 8

Midway through analysis, new evidence contradicts the team's working conclusion. A CTI lead insists the process must allow revisiting earlier judgments. Which characteristic of the threat analysis process is this?

A. It is strictly one-directional B. It is iterative and revisable C. It forbids new evidence D. It ends at collection

Question 9

A government analyst maps a campaign's adversary, their malware, the servers used, and the targeted agency into one connected diagram. Which framework's four core features are being populated?

A. PCI DSS controls B. OWASP Top Ten C. Diamond Model vertices D. ITIL stages

Question 10

At the end of the threat analysis process, an analyst packages conclusions and recommendations for decision-makers to consume. Which step concludes the process?

A. Producing the intelligence output B. Re-imaging workstations C. Renewing certificates D. Defragmenting disks

EC-Council CTIA Module 5.4 Practice Test 003

Related Posts

Leave a Comment Cancel Reply