EC-Council CTIA Module 5.7 Practice Test 001

This practice test covers Module 5 (Data Analysis) Sub-module 7 (Create Runbooks and Knowledge Base).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
An incident response team at a logistics firm keeps reacting to phishing inconsistently because each analyst handles it differently. The CTI lead wants a documented, repeatable set of step-by-step procedures. Which artifact should the team create?

Question 2
A CTI manager wants new analysts to quickly look up past adversary profiles, prior investigations, and lessons learned in one organized repository. She is building a central reference resource. What is this resource called?

Question 3
A SOC team automates a runbook so that when a known malicious hash is detected, containment and enrichment actions execute without manual steps. What is the primary benefit of automating runbook procedures?

Question 4
A threat intelligence team debates what belongs in a runbook versus a knowledge base. A senior analyst clarifies the distinction. Which statement best describes a runbook compared to a knowledge base?

Question 5
A healthcare CTI team finds that valuable findings from past investigations are lost when analysts leave. Leadership asks how a knowledge base addresses this. What organizational benefit does a maintained knowledge base provide?

Question 6
A CTI analyst drafts a runbook for ransomware events and wants it to remain useful as adversary behavior evolves. A colleague stresses one ongoing requirement. What practice keeps runbooks effective over time?

Question 7
During a tabletop exercise, a financial CTI team follows a documented playbook that lists triggers, decision points, and actions for a credential-stuffing scenario. Which type of content is the team primarily exercising?

Question 8
A CTI team integrates its knowledge base with a threat intelligence platform so analysts can pivot from a current indicator to all prior related findings. What capability does this integration most improve?

Question 9
An MSSP standardizes runbooks across many client SOCs so junior analysts can handle common alerts without escalating every case. Which outcome most directly results from this standardization?

Question 10
A CTI program manager wants runbooks and the knowledge base organized so analysts can find the right procedure or prior case during a fast-moving incident. Which design principle best supports this need?
