EC-Council CTIA Module 7.1 Practice Test 001

This practice test covers Module 7 (Threat Hunting and Detection) Sub-module 1 (Threat Hunting Concepts).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
A retail company's security manager tells her team that waiting for alerts misses stealthy intruders already inside the network. She wants a proactive practice to search for hidden adversaries before alarms fire. Which practice is she describing?
Question 2
A threat hunter forms a specific testable statement, such as that attackers are abusing PowerShell for lateral movement, then searches data to confirm or refute it. An analyst asks what type of hunt this represents. Which is correct?

Question 3
A CTI lead assesses how mature her organization's hunting capability is, from no routine data collection up to fully automated, continuous hunting. An analyst asks which model measures these levels. Which is correct?

Question 4
A hunting team uses a methodology that integrates threat intelligence directly into structured, repeatable hunts to focus their search on relevant adversaries. An analyst asks which intelligence-led hunting methodology this describes. Which is correct?

Question 5
A hunter searches for adversary behaviors and techniques rather than chasing specific file hashes that change easily. A colleague asks why focusing on TTPs makes a hunt more durable. Which answer is most accurate?

Question 6
A SOC manager defines the ideal threat hunter as someone who blends data analysis, knowledge of attacker behavior, and familiarity with the environment. An analyst asks what this combination is commonly called. Which is correct?

Question 7
A hunting team follows an iterative cycle: create a hypothesis, investigate using tools and data, uncover new patterns, and feed findings back to improve detection. An analyst asks what this cycle is called. Which is correct?

Question 8
After a successful hunt uncovers a malicious scheduled task, the team converts the finding into a new automated detection rule. An analyst asks what value this step adds to the program. Which answer is most accurate?

Question 9
A new analyst confuses threat hunting with incident response. The team lead clarifies the key distinction between the two activities. Which statement best captures that difference?

Question 10
A financial firm's hunting program relies on rich endpoint and network logs to support hunts. An analyst notes that without sufficient data collection, hunts cannot progress. According to the Hunting Maturity Model, what is the foundational requirement for effective hunting?
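The hunting loop that Questions 2, 7 and 8 describe (state a testable hypothesis, investigate it against endpoint data, pivot on what turns up, then promote the confirmed pattern into an automated detection) is easier to grasp as working code than as a definition. The following Python script is an added example written for this page; it is not EC-Council material. The telemetry is constructed in-line in a Sysmon process-creation style, and the field names, host names, account names and command lines are all assumptions. The hypothesis it tests is the one from Question 2: adversaries are abusing PowerShell remoting for lateral movement, which in process telemetry shows up as children of wsmprovhost.exe, the WinRM session host. The pivot then surfaces a remote scheduled-task creation by the same account, and both findings are turned into reusable detection rules, as in Question 8.

```python
"""Hypothesis-driven hunt over constructed endpoint telemetry, then promotion of the
confirmed patterns into reusable detection rules. Added example for this page; the
events below are constructed and their field names are assumptions, not real telemetry."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed process-creation events (Sysmon Event ID 1-like shape; field names assumed).
EVENTS: List[Dict[str, str]] = [
    {"host": "ws01", "user": "CORP\\alice",
     "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\report.ps1"},
    {"host": "srv02", "user": "CORP\\svc_backup",
     "parent_image": "C:\\Windows\\System32\\wsmprovhost.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"host": "srv02", "user": "CORP\\svc_backup",
     "parent_image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": "schtasks.exe /create /s srv03 /ru SYSTEM /tn Updater "
                "/tr C:\\Users\\Public\\u.exe /sc once /st 00:00"},
    {"host": "srv05", "user": "CORP\\admin",
     "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": "schtasks.exe /create /tn NightlyBackup /tr C:\\scripts\\backup.cmd "
                "/sc daily /st 02:00"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, for matching regardless of install location."""
    return path.rsplit("\\", 1)[-1].lower()


def hunt_powershell_remoting(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Step 1 - hypothesis: adversaries use PowerShell remoting (WinRM) to move laterally.
    Testable form: a process whose parent is wsmprovhost.exe was started by a remote
    PowerShell session. Returns the events that satisfy the hypothesis (empty = refuted)."""
    return [e for e in events if basename(e["parent_image"]) == "wsmprovhost.exe"]


def pivot_on_user(events: List[Dict[str, str]], user: str) -> List[Dict[str, str]]:
    """Step 2 - investigate: everything else the implicated account did across the fleet."""
    return [e for e in events if e["user"] == user]


# schtasks /create with a /s <host> argument targets a remote machine (T1053.005 lateral use).
# "\s/s\s+" requires whitespace after /s so that /sc and /st do not match.
REMOTE_TASK = re.compile(r"schtasks(\.exe)?\s+/create\b.*\s/s\s+(?P<target>\S+)", re.I)


def remote_scheduled_task(e: Dict[str, str]) -> bool:
    """Step 3 - new pattern uncovered during the pivot: a scheduled task created on a remote host."""
    return basename(e["image"]) == "schtasks.exe" and REMOTE_TASK.search(e["cmdline"]) is not None


@dataclass
class DetectionRule:
    """A finding promoted into an automated rule; technique IDs are ATT&CK references."""
    name: str
    technique: str
    match: Callable[[Dict[str, str]], bool]


def rules_from_findings() -> List[DetectionRule]:
    """Step 4 - feed back: encode the confirmed hunt patterns as repeatable detections."""
    return [
        DetectionRule("Process spawned by WinRM session host", "T1021.006",
                      lambda e: basename(e["parent_image"]) == "wsmprovhost.exe"),
        DetectionRule("Scheduled task created on a remote host", "T1053.005",
                      remote_scheduled_task),
    ]


def run_rules(events: List[Dict[str, str]], rules: List[DetectionRule]) -> List[tuple]:
    """Apply the promoted rules to a stream of events; returns (rule name, host) alerts."""
    return [(r.name, e["host"]) for e in events for r in rules if r.match(e)]


if __name__ == "__main__":
    hits = hunt_powershell_remoting(EVENTS)
    print("hypothesis", "confirmed" if hits else "refuted", [h["host"] for h in hits])
    for h in hits:
        for e in pivot_on_user(EVENTS, h["user"]):
            if remote_scheduled_task(e):
                print("pivot finding: remote task from", e["host"], "by", e["user"])
    print("alerts from promoted rules:", run_rules(EVENTS, rules_from_findings()))
```

Note what the benign fourth event buys you: a rule that simply fires on schtasks.exe would have flagged the administrator's local nightly backup, so the hunt's job is to narrow the pattern to what distinguished the adversary (the remote /s target) before it is automated. That is the practical reason Question 5 prefers TTP-shaped logic to hashes: the rule survives the attacker renaming u.exe.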
