EC-Council CTIA Module 2.2 Practice Test 001

By /

This practice test covers Module 2 (Cyber Threats and Attack Frameworks) Sub-module 2 (Advanced Persistent Threats).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 2.2 Practice Test 001
10 questions • Single best answer
Question 1
A CTI analyst at a telecom provider studies an intruder who maintained covert access for over a year, exfiltrating data slowly to avoid detection. The actor was well-funded and highly disciplined. Which adversary classification fits?
    Question 2
    A SOC team supporting a defense agency maps an APT operation and identifies the earliest stage where the adversary researched targets and gathered information before any intrusion. Which lifecycle phase is this?
      Question 3
      An incident response team finds that after gaining entry, an APT installed backdoors and scheduled tasks to ensure continued access even after reboots. Which lifecycle objective does this activity represent?
        Question 4
        A CTI lead at an energy company explains why APT campaigns differ from typical opportunistic attacks. She emphasizes a defining trait tied to how long the adversary stays hidden in the environment. Which trait is central?
          Question 5
          A threat hunter observes an APT moving from an initially compromised host toward high-value servers, harvesting credentials to expand access internally. Which lifecycle activity does this describe?
            Question 6
            An analyst briefs leadership that the final goal of most APT campaigns is to quietly remove sensitive data over time without triggering alarms. Which lifecycle stage captures this objective?
              Question 7
              A financial firm's CTI team attributes a sophisticated, sustained campaign to a group likely backed by a foreign government pursuing strategic espionage. Which characteristic most strongly supports an APT attribution?
                Question 8
                A SOC analyst notes that during an APT intrusion the adversary escalated from a standard user account to administrative rights to reach protected systems. Which lifecycle activity is this?
                  Question 9
                  A government CERT explains that APT groups often spend weeks studying an organization's people, technology, and partners before acting. What is the strategic purpose of this extended preparation?
                    Question 10
                    A threat intelligence manager warns executives that APTs adapt their tools and methods when defenders respond, persisting until objectives are met. Which adversary quality does this adaptability reflect?
                      Answered: 0/10

                      Related Posts

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top