EC-Council CTIA Module 5.3 Practice Test 001

This practice test covers Module 5 (Data Analysis) Sub-module 3 (Threat Analysis).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 5.3 Practice Test 001

10 questions • Single best answer

Question 1

A CTI team at a regional bank conducts an in-depth examination of collected threat data to understand adversary capabilities, motivations, and likely targets. This systematic examination to produce actionable understanding of threats facing the organization is called what?

A. Threat data collection B. Intelligence dissemination C. Threat analysis D. Collection plan development

Question 2

A CTI team produces several types of intelligence analysis. One analyst focuses on understanding adversary TTPs and technical capabilities at a detailed level to inform SOC detection rules. Which type of threat intelligence analysis does this represent?

A. Strategic threat intelligence analysis B. Technical threat intelligence analysis C. Executive risk briefing analysis D. Geopolitical threat landscape analysis

Question 3

A CTI analyst produces an intelligence product characterizing a specific threat actor group's operational patterns, campaign history, preferred targets, and attack infrastructure over the past 18 months. This type of analysis is best described as what?

A. Tactical IoC analysis B. Operational threat intelligence analysis C. Real-time SIEM correlation D. Data normalization

Question 4

An intelligence analyst is asked to brief the board of directors on the long-term cyber threat landscape affecting the financial services sector — including nation-state motivations, regulatory risks, and emerging threat categories. Which type of threat intelligence analysis is most appropriate?

A. Technical malware analysis B. Operational campaign tracking C. Strategic threat intelligence analysis D. Tactical indicator analysis

Question 5

A CTI team analyzing a supply chain attack examines relationships between compromised software vendors, affected downstream organizations, and the adversary's deployment of malicious updates. Which analytical approach helps model these complex multi-party relationships?

A. Bulk data collection planning B. Link analysis to map entity relationships and connections C. Statistical regression forecasting D. Data normalization and deduplication

Question 6

A CTI analyst examines all TTPs used in a series of ransomware attacks against healthcare organizations. She identifies that attackers consistently exploit RDP exposure, use Cobalt Strike for lateral movement, and exfiltrate data before encryption. Identifying these repeated behavioral patterns across incidents is a core goal of which analysis type?

A. Intelligence dissemination planning B. Threat behavior pattern analysis C. Data collection requirement scoping D. Executive risk scoring

Question 7

A CTI analyst is performing threat analysis and needs to distinguish between what a threat actor is technically capable of doing versus what the actor is likely to do based on past behavior and motivation. These two dimensions are known as what in threat analysis?

A. Threat probability and threat severity B. Adversary capability and adversary intent C. Tactical and strategic intelligence D. IoCs and TTPs

Question 8

A CTI analyst performs a deep-dive analysis of a spear-phishing campaign targeting defense contractors. She produces a report covering the actor's target selection rationale, phishing lure themes, delivery infrastructure, and exploitation techniques. This comprehensive examination of an adversary's operational approach is called what?

A. A threat actor profile B. A vulnerability assessment report C. A network penetration test report D. A data retention policy

Question 9

A CTI team analyzes threat intelligence to assess which threat actors have both the capability and the intent to attack the organization's critical assets. The intersection of capability, intent, and opportunity is used to define what concept?

A. Risk tolerance B. Threat C. Vulnerability D. Control

Question 10

A CTI analyst examines threat data to identify which of the organization's business processes, systems, and data assets are most likely to be targeted based on their value and the adversary's known interests. This identification process is part of which threat analysis activity?

A. Threat actor capability assessment B. Crown jewels analysis or critical asset identification C. Vulnerability remediation planning D. Security awareness training design

EC-Council CTIA Module 5.3 Practice Test 001

Related Posts

Leave a Comment Cancel Reply