EC-Council CTIA Module 8.3 Practice Test 003

This practice test covers Module 8 (Threat Intelligence in SOC Operations, Incident Response, and Risk Management) Sub-module 3 (Threat Intelligence in Incident Response).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


EC-Council CTIA Practice Test of the Day 260702
10 questions • Single best answer
Question 1
An incident responder at a hospital receives a suspicious hash and queries the CTI team for context. The team links it to a known ransomware crew. What does intelligence primarily add to response here?
Question 2
During triage, responders use intelligence to confirm whether an alert reflects a real, active campaign. A colleague names the benefit. What does intelligence help reduce?
Question 3
A responder wants to know an attacker's likely next moves to contain them proactively. An analyst names what intelligence supplies. Which insight helps most?
Question 4
After eradication, the CTI team feeds lessons from the incident back into detection and future intelligence. A colleague names this benefit. What phase does intelligence strengthen here?
Question 5
A responder enriches indicators from an active incident to find related infrastructure the attacker uses. An analyst names this activity. What is being performed?
Question 6
A CTI lead wants responders to prioritize the most damaging active threats first during a multi-alert event. An analyst names what intelligence enables. What does it support?
Question 7
During an incident, the CTI team shares indicators with an ISAC to warn peers and gather related sightings. A colleague names the benefit. What does this exchange provide?
Question 8
A responder maps observed attacker behavior to a framework to structure the investigation. An analyst names the most suitable one for TTPs. Which framework fits?
Question 9
A manager wants intelligence to shorten the gap between detecting and containing an intrusion. An analyst names the metric this improves. Which is it?
Question 10
A new responder confuses reacting to a confirmed incident with proactively searching for hidden threats. The lead clarifies. Which statement is most accurate?
