EC-Council CTIA Module 8.3 Practice Test 002

This practice test covers Module 8 (Threat Intelligence in SOC Operations, Incident Response, and Risk Management) Sub-module 3 (Threat Intelligence in Incident Response).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
An incident response team at a managed security services provider triages a flood of alerts from a client network. They apply threat intelligence to separate genuine threats from background noise. How does it most directly aid this phase?

Question 2
During a confirmed breach at an energy utility, responders pull intelligence on the adversary's known behaviors to anticipate lateral movement. They want to block the attacker's likely next actions before they happen. What does this enable?

Question 3
An analyst supporting an active incident receives raw IoCs (IPs and file hashes) from the SOC. Before responders act, the analyst correlates them against external feeds to assess relevance and severity. This step is best described as what?

Question 4
Following an intrusion at a government agency, the CTI team links observed malware, infrastructure, and techniques to a known state-sponsored group. Leadership asks what this linkage accomplishes for the response effort. What is it?

Question 5
After containing a ransomware attack, a hospital's response team studies intelligence on the adversary's methods. They apply it to harden systems and prevent reinfection during restoration. This supports which goal?

Question 6
Once an incident at a retail chain is closed, the response team documents the adversary's TTPs and shares them with the CTI program. The aim is to strengthen future detection and intelligence. This loop is part of which activity?

Question 7
A threat hunter aiding an incident response notes the attacker keeps changing IP addresses and file hashes. However, the same behavioral patterns persist across the campaign. To build durable detections, which should responders prioritize?

Question 8
During an ongoing campaign against a bank, the CTI team gives responders details on the adversary's active operations, infrastructure, and imminent intentions. Which type of intelligence best fits this immediate response need?

Question 9
A SOC supporting incident response wants to automatically aggregate, enrich, and correlate indicators from multiple feeds within its workflow. Which solution best centralizes and operationalizes this intelligence for responders?

Question 10
An incident responder at a cloud service provider must determine how far a compromise has spread. She uses intelligence on the threat actor's typical targets and tools to identify which systems were likely hit. What does intelligence improve here?
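The scenarios in Questions 3, 7 and 9 all come down to two mechanical steps a responder actually performs: correlating raw IoCs against a feed to get context, and choosing what to detect on. The script below is an added example, not part of the practice test or of any EC-Council material. The feed, the raw IoCs and the endpoint events are all constructed for the example, and the IPs and hashes in it are not real indicators. It enriches a handful of SOC-supplied IoCs against the feed, then runs an indicator-based rule and a behaviour-based rule over events from two waves of the same campaign: the second wave has rotated its IP and recompiled its payload, so only the behavioural rule (an Office process spawning PowerShell with an encoded command) still fires.

```python
"""Added example: enrich raw IoCs against a constructed intel feed, then compare
indicator-based detection with behaviour-based (TTP) detection over constructed
endpoint events from two waves of the same campaign."""
from __future__ import annotations

# --- Constructed threat feed (Questions 3 and 9: enrichment / correlation) ---
# Every value below is invented for this example; none is a real indicator.
FEED = {
    "203.0.113.10": {"type": "ipv4", "actor": "Group X", "severity": "high"},
    "198.51.100.7": {"type": "ipv4", "actor": "Group X", "severity": "medium"},
    "1a2b3c4d" * 8: {"type": "sha256", "actor": "Group X", "severity": "high"},
}

# Raw IoCs handed over by the SOC before the analyst has vetted them (constructed).
RAW_IOCS = ["203.0.113.10", "1a2b3c4d" * 8, "192.0.2.55"]


def enrich(raw_iocs, feed):
    """Correlate raw IoCs against the feed.

    Returns (known, unknown): known is a list of (ioc, context) pairs the feed
    attributes and scores; unknown lists IoCs the feed has never seen, so the
    responders know those still need vetting before anyone blocks on them.
    """
    known, unknown = [], []
    for ioc in raw_iocs:
        ctx = feed.get(ioc)
        if ctx is None:
            unknown.append(ioc)
        else:
            known.append((ioc, ctx))
    return known, unknown


# --- Constructed endpoint telemetry: two waves of one campaign (Question 7) ---
# Wave 1 (ws-01) reuses an IP and a payload hash the feed already knows.
# Wave 2 (ws-07) rotated the IP and recompiled the payload, but the behaviour
# (an Office process spawning PowerShell with an encoded command) is unchanged.
# ws-12 is a benign admin script, included so the rules have a negative case.
EVENTS = [
    {"host": "ws-01", "parent": "winword.exe", "process": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA...",
     "dst_ip": "203.0.113.10", "sha256": "1a2b3c4d" * 8},
    {"host": "ws-07", "parent": "excel.exe", "process": "powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgA...",
     "dst_ip": "192.0.2.55", "sha256": "9f8e7d6c" * 8},
    {"host": "ws-12", "parent": "explorer.exe", "process": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1",
     "dst_ip": "10.0.0.5", "sha256": "55aa55aa" * 8},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def match_indicators(events, feed):
    """Hosts whose events touch an IP or hash present in the feed.

    Cheap and precise, but blind to anything the adversary has rotated.
    """
    return {e["host"] for e in events
            if e["dst_ip"] in feed or e["sha256"] in feed}


def _is_encoded_command_flag(token):
    # PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -en,
    # -enc, ...), so match on prefix rather than on a fixed list of spellings.
    token = token.lower()
    return token.startswith("-e") and "-encodedcommand".startswith(token)


def match_behavior(events):
    """Hosts where an Office application spawned PowerShell with an encoded
    command: the TTP that persists across the campaign's infrastructure changes."""
    hits = set()
    for e in events:
        if e["parent"].lower() not in OFFICE_PARENTS:
            continue
        if e["process"].lower() != "powershell.exe":
            continue
        if any(_is_encoded_command_flag(t) for t in e["cmdline"].split()):
            hits.add(e["host"])
    return hits


if __name__ == "__main__":
    known, unknown = enrich(RAW_IOCS, FEED)
    for ioc, ctx in known:
        print(f"known   {ioc[:16]:<16} actor={ctx['actor']} severity={ctx['severity']}")
    for ioc in unknown:
        print(f"unknown {ioc:<16} needs vetting before use")
    print("indicator hits:", sorted(match_indicators(EVENTS, FEED)))
    print("behaviour hits:", sorted(match_behavior(EVENTS)))
```

Run against the constructed data, the indicator rule flags only ws-01, while the behavioural rule flags ws-01 and ws-07 and leaves the benign ws-12 alone; the unvetted 192.0.2.55 surfaces as unknown rather than being silently treated as hostile. In a real deployment the feed lookup would be a TIP or SIEM enrichment call and the events would come from EDR telemetry, but the split between "what the feed knows" and "what the adversary cannot easily change" is the point Question 7 is testing.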
