EC-Council CTIA Module 2.3 Practice Test 001

This practice test covers Module 2 (Cyber Threats and Attack Frameworks) Sub-module 3 (Cyber Kill Chain).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 2.3 Practice Test 001

10 questions • Single best answer

Question 1

A CTI analyst at a manufacturing firm needs a model that breaks an intrusion into ordered phases from early target research through final objectives. She wants a framework describing attacks as a sequential progression. Which model applies?

A. Cyber Kill Chain B. Diamond Model C. Pyramid of Pain D. MoSCoW method

Question 2

A SOC team maps an attack and identifies the phase where the adversary pairs an exploit with a malicious payload to create a deliverable attack tool. Which kill chain phase is this?

A. Actions on objectives B. Reconnaissance C. Weaponization D. Installation

Question 3

An incident responder reviews logs showing a phishing email carrying a malicious attachment sent to staff. She maps this to the kill chain phase where the weaponized payload is transmitted to the target. Which phase is it?

A. Exploitation B. Delivery C. Command and control D. Reconnaissance

Question 4

A threat hunter identifies the moment malicious code executed and triggered a vulnerability on the victim host after the email was opened. Which kill chain phase does this represent?

A. Weaponization B. Delivery C. Actions on objectives D. Exploitation

Question 5

A CTI analyst observes malware establishing a channel back to an external server, letting the adversary issue remote commands to the compromised host. Which kill chain phase describes this beaconing activity?

A. Command and control B. Reconnaissance C. Weaponization D. Delivery

Question 6

A SOC director asks why mapping intrusions to ordered phases helps defenders. The CTI lead explains that breaking each phase early can stop the attack before its goal. What is the core defensive value?

A. It guarantees attackers never succeed B. It removes the need for monitoring C. It enables disruption at any phase before objectives D. It identifies the attacker's nationality

Question 7

An analyst maps the phase where the adversary installs malware to maintain a durable foothold on the compromised system. Which kill chain phase corresponds to this action?

A. Reconnaissance B. Installation C. Delivery D. Weaponization

Question 8

A healthcare CTI team reaches the final phase of an intrusion where the adversary achieves its goal, such as stealing or destroying data. Which kill chain phase captures this end stage?

A. Exploitation B. Command and control C. Reconnaissance D. Actions on objectives

Question 9

A CTI analyst at an MSSP places the kill chain phases in order for a training session. She needs to identify which phase comes first in the sequence. Which phase begins the chain?

A. Reconnaissance B. Installation C. Command and control D. Actions on objectives

Question 10

A threat intelligence lead contrasts the kill chain with a behavior catalog, noting the kill chain's defining structural feature. An analyst asks what most distinguishes the kill chain approach. Which feature is it?

A. A four-vertex relationship map B. A ranked list of indicator types C. A linear sequence of attack phases D. A requirements prioritization scheme

EC-Council CTIA Module 2.3 Practice Test 001

Related Posts

Leave a Comment Cancel Reply