EC-Council CTIA Module 2.4 Practice Test 003

This practice test covers Module 2 (Introduction to Threat Intelligence) Sub-module 4 (MITRE ATT\&CK and Diamond Model).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260626

10 questions • Single best answer

Question 1

An intelligence lead at a telecommunications company maps observed adversary behaviors to a knowledge base organized by tactics and techniques across the attack lifecycle. The matrix catalogs real-world TTPs. Which framework is this?

A. Diamond Model B. Cyber Kill Chain C. Pyramid of Pain D. MITRE ATT&CK

Question 2

An analyst notes the columns in the matrix represent the adversary's goals, such as persistence or exfiltration, while entries beneath are specific methods. What does each column header represent?

A. An indicator B. A technique C. A tactic D. A signature

Question 3

Within the persistence column, creating a scheduled task describes one specific way that goal is achieved. What is this specific method called in the framework?

A. A technique B. A tactic C. A campaign D. A vulnerability

Question 4

An analyst uses a model built on four core features—adversary, capability, infrastructure, and victim—to analyze a single intrusion event. Which model is being applied?

A. Cyber Kill Chain B. Diamond Model C. MITRE ATT&CK D. Pyramid of Pain

Question 5

In a Diamond Model analysis, the analyst documents the command-and-control domains and IP addresses the adversary used to deliver capabilities. Which core feature is this?

A. Adversary B. Victim C. Capability D. Infrastructure

Question 6

The analyst records the malware and exploits the attacker employed against the target. Which Diamond Model core feature captures these tools and techniques?

A. Infrastructure B. Capability C. Victim D. Adversary

Question 7

Analysts attribute the activity to a specific group operating the malicious tooling and infrastructure. Which Diamond Model feature represents the actor behind the event?

A. Victim B. Capability C. Adversary D. Infrastructure

Question 8

The model documents the targeted organization, its assets, and the email accounts attacked. Which core feature does this describe?

A. Victim B. Adversary C. Capability D. Infrastructure

Question 9

A SOC adopts the framework to standardize how detections are described and to identify gaps against known adversary behaviors. What is the primary benefit?

A. Guaranteeing zero breaches B. Eliminating false positives C. Removing the need for analysts D. Standardizing detection coverage

Question 10

An analyst wants to examine the relationships among adversary, capability, infrastructure, and victim for one intrusion, rather than catalog techniques in a matrix. Which framework fits?

A. MITRE ATT&CK B. Diamond Model C. Cyber Kill Chain D. Pyramid of Pain

EC-Council CTIA Module 2.4 Practice Test 003

Related Posts

Leave a Comment Cancel Reply