EC-Council CTIA Module 5.8 Practice Test 001

This practice test covers Module 5 (Data Analysis) Sub-module 8 (Threat Intelligence Tools).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
A threat analyst at a critical-infrastructure operator needs to map observed adversary behaviors to a standardized catalog of techniques and tactics for detection planning. She wants a community-maintained knowledge base. Which resource should she use?

Question 2
A CTI team wants to query and visualize relationships among indicators, actors, and campaigns to support pivoting during analysis. They need a platform that aggregates and links intelligence. Which category of tool fits this need?

Question 3
An analyst wants to submit a suspicious file and receive a report on its hashes, detections, and related indicators from many engines and sources. Which type of service is most appropriate?

Question 4
A SOC engineer wants to share and ingest structured indicators with trusted partners using an open-source platform built specifically for storing and correlating IoCs. Which tool best matches this purpose?

Question 5
A threat intelligence lead evaluates tools and stresses that the right choice depends on the program's goals, data sources, and integrations. A new analyst asks what should drive tool selection. What is the primary consideration?

Question 6
A CTI analyst maps an intrusion across four interconnected features: adversary, capability, infrastructure, and victim. She uses a framework purpose-built for this structured intrusion analysis. Which framework is she applying?

Question 7
An analyst needs to research a domain's registration history, passive DNS, and associated infrastructure while investigating a phishing campaign. Which category of tooling best supports this enrichment?

Question 8
A CTI team wants automated playbooks that ingest intelligence, enrich alerts, and trigger response actions across multiple security tools. Which technology category provides this orchestration capability?

Question 9
A threat hunter writes detection logic to match files by specific byte patterns and string signatures during malware triage. She uses a rule language built for identifying and classifying malware samples. Which language is this?

Question 10
A CTI program integrates several tools and finds analysts wasting time copying data between them manually. Leadership asks what most improves efficiency. Which capability should the team prioritize when selecting tools?
