EC-Council CTIA Module 8.3 Practice Test 001

This practice test covers Module 8 (Threat Intelligence in SOC Operations, Incident Response, and Risk Management) Sub-module 3 (Threat Intelligence in Incident Response).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
During an active intrusion at a logistics company, responders receive intelligence on the suspected actor's typical lateral movement and exfiltration patterns. The IR lead asks how this intelligence most helps the response. Which answer is most accurate?

Question 2
An incident responder uses threat intelligence early in an incident to confirm whether an alert reflects a real, relevant threat before mobilizing the full team. An analyst asks which IR phase this supports. Which is correct?

Question 3
Responders pull indicators tied to the active threat and sweep them across all endpoints to find every compromised host. An analyst asks what response activity this indicator sweep primarily supports. Which is correct?

Question 4
After containment, the IR team uses intelligence on the actor's persistence mechanisms to ensure every backdoor is removed before restoring service. An analyst asks which phase this intelligence supports. Which is correct?

Question 5
An IR team attributes an incident to a known group using intelligence about its tools and infrastructure, helping anticipate the attacker's next moves. A manager asks what this attribution most directly enables during response. Which answer is most accurate?

Question 6
During recovery, the team uses intelligence about the actor's likely re-entry attempts to harden systems before bringing them back online. An analyst asks what this contributes to incident recovery and resilience. Which answer is most accurate?

Question 7
After an incident, the team documents the actor's observed TTPs and feeds them back to the CTI program to improve future detection. A manager asks what IR phase this feedback supports. Which is correct?

Question 8
A new responder confuses threat hunting with incident response during a live event. The IR lead clarifies how intelligence is used differently in IR. Which statement best captures intelligence's role in incident response?

Question 9
An IR team enriches collected artifacts with external intelligence to determine whether observed malware belongs to a known family with documented behavior. An analyst asks what this enrichment primarily provides responders. Which answer is most accurate?

Question 10
A CTI manager argues that the relationship between intelligence and incident response is bidirectional, not one-way. A new analyst asks what the IR team contributes back to the intelligence program. Which answer is most accurate?
