EC-Council CTIA Module 5.7 Practice Test 003

This practice test covers Module 5 (Data Analysis) Sub-module 7 (Create Runbooks and Knowledge Base).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

EC-Council CTIA Practice Test of the Day 260630
10 questions • Single best answer
Question 1
A threat hunter at a logistics firm wants analysts to follow identical steps each time a phishing indicator appears. She documents the exact actions in sequence. What is she creating?

Question 2
A CTI lead at an insurer builds a central repository storing past adversary profiles, TTPs, and prior investigations for analyst reference. Leadership asks what this resource is called. What is it?

Question 3
A SOC manager at a utility notices new analysts respond inconsistently to the same alert type. He wants predictable, lower-variance handling. Which benefit do runbooks primarily deliver here?

Question 4
An analyst at a healthcare provider finds the team's knowledge base contains outdated actor TTPs from years ago. She recommends a recurring task. What practice keeps the knowledge base useful?

Question 5
A CTI team at a bank wants analysts to spend less time on repetitive triage of known indicators. They embed runbook steps into an automation platform. What capability does this primarily enable?

Question 6
An incident responder at a cloud company asks the CTI team where to quickly find documented adversary behaviors before containment. The team points to one resource. Which should they consult?

Question 7
A CTI program manager drafts a runbook and wants to confirm it works before relying on it in production. An analyst suggests a validation step. What should she do first?

Question 8
An analyst at an MSSP captures lessons, indicators, and decisions from a major investigation so future teams can reuse them. Leadership asks the main long-term value. What does this provide?

Question 9
A SOC supporting critical infrastructure wants runbooks that scale as threats evolve. An analyst recommends a structural property. Which design choice best supports long-term use?

Question 10
A new CTI hire at a retailer asks how the knowledge base and runbooks differ in purpose. The lead gives a concise answer. Which statement is most accurate?
