EC-Council CTIA Module 2.3 Practice Test 002

This practice test covers Module 2 (Cyber Threats and Attack Frameworks) Sub-module 3 (Cyber Kill Chain).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 2.3 Practice Test 002

10 questions • Single best answer

Question 1

An analyst at a power grid operator maps an intrusion to a seven-stage model from Lockheed Martin to understand attacker progression. The first stage involves gathering target information. Which framework is being used?

A. Diamond Model B. Cyber Kill Chain C. MoSCoW D. STRIDE

Question 2

In the model's opening stage, the adversary harvests email addresses and maps exposed services. No payload is delivered yet. Which stage is this?

A. Reconnaissance B. Delivery C. Installation D. Exploitation

Question 3

The attacker couples a remote-access trojan with an exploit inside a malicious PDF, creating a deliverable payload. No victim contact has occurred. Which stage is this?

A. Delivery B. Command and control C. Reconnaissance D. Weaponization

Question 4

The weaponized PDF is emailed to a targeted employee as an attachment. The payload is now en route to the victim. Which stage does this represent?

A. Exploitation B. Installation C. Delivery D. Actions on objectives

Question 5

The victim opens the attachment and the embedded exploit triggers. The attacker's code now runs on the host. Which stage is this?

A. Delivery B. Exploitation C. Reconnaissance D. Command and control

Question 6

After code execution, malware writes itself to disk and sets a registry run key for persistence. Which stage is described?

A. Delivery B. Weaponization C. Reconnaissance D. Installation

Question 7

The implant beacons out to an attacker-controlled server, awaiting instructions and enabling remote operation. Which stage is this?

A. Command and control B. Delivery C. Exploitation D. Reconnaissance

Question 8

With remote control established, the adversary finally collects and exfiltrates the targeted data, fulfilling its goal. Which stage is this?

A. Weaponization B. Delivery C. Actions on objectives D. Installation

Question 9

Defenders aim to detect and disrupt the attack at any stage to stop progression toward the goal. What is the core defensive premise of this model?

A. Attacks are unstoppable B. Disrupting one stage halts the chain C. Only the last stage matters D. Stages occur randomly

Question 10

An analyst notes this linear model is strong for perimeter intrusions but weaker for insider or behavior-based mapping, where another framework excels. Which framework better catalogs adversary techniques?

A. The kill chain again B. MoSCoW C. Pyramid of Pain D. MITRE ATT&CK

EC-Council CTIA Module 2.3 Practice Test 002

Related Posts

Leave a Comment Cancel Reply