EC-Council CTIA Module 5.3 Practice Test 003

This practice test covers Module 5 (Data Analysis) Sub-module 3 (Threat Analysis).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260629

10 questions • Single best answer

Question 1

A defense contractor's CTI team studies an adversary's capabilities, intent, and opportunity to gauge the danger it poses to their assets. Leadership asks what this focused examination is called. What is it?

A. Data sampling B. Log rotation C. Penetration testing D. Threat analysis

Question 2

An analyst produces day-to-day technical findings on specific IoCs and malware for SOC operators to action immediately. Which level of threat intelligence analysis is this?

A. Strategic B. Executive C. Tactical D. Diplomatic

Question 3

A bank's CTI team prepares a long-term assessment of geopolitical and industry threat trends to guide board-level investment decisions. Which level of analysis does this represent?

A. Strategic B. Tactical C. Operational D. Signature-based

Question 4

An analyst tracks a specific upcoming campaign, predicting the adversary's likely timing, targets, and methods to support defensive planning. Which level of threat intelligence is this?

A. Strategic B. Operational C. Marketing D. Financial

Question 5

A CTI team analyzes a malware sample to determine which threat group most likely created and deployed it. Which analytic activity is being performed?

A. Data normalization B. Log compression C. Threat attribution D. Port scanning

Question 6

An analyst structures threat analysis around four linked elements: adversary, capability, infrastructure, and victim. Which model organizes intrusions this way?

A. Diamond Model B. OSI Model C. Waterfall Model D. CIA Triad

Question 7

A CTI lead explains that threat analysis should always be framed against what the organization actually needs to protect. Which factor anchors the analysis to business impact?

A. The vendor's logo B. The office location C. The brand color D. Critical assets and their value

Question 8

An analyst evaluates how likely an adversary is to succeed by weighing the threat's capability against the organization's exposed weaknesses. Which combined concept is being assessed?

A. Color palette B. Risk (threat and vulnerability) C. Network latency D. Disk capacity

Question 9

A SOC analyst maps an adversary's observed behaviors to documented tactics, techniques, and procedures to anticipate future moves. Which knowledge base best supports this behavioral analysis?

A. MITRE ATT&CK B. WHOIS database C. DNS zone file D. SMTP relay

Question 10

An analyst is reminded that strong attribution should rest on multiple, independent indicators rather than a single clue. Leadership asks why relying on one indicator is risky. What is the reason?

A. Single indicators can be faked or coincidental B. Single indicators are always encrypted C. Single indicators cost too much money D. Single indicators cannot be stored

EC-Council CTIA Module 5.3 Practice Test 003

Related Posts

Leave a Comment Cancel Reply