EC-Council CTIA Module 7.2 Practice Test 002

This practice test covers Module 7 (Threat Hunting and Detection) Sub-module 2 (Threat Hunting Automation).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
A SOC engineer at a healthcare provider scripts repetitive detection searches to run on a fixed schedule. The aim is to free analysts from manually re-running the same queries each shift. Which capability is being implemented?

Question 2
A CTI lead at a regional bank assesses how advanced the organization's hunting capability is. She rates teams on a scale from no routine data collection up to fully automated, repeatable procedures. Which framework is she applying?

Question 3
An analyst at an MSSP begins a hunt from a hypothesis built on adversary TTPs mapped to ATT&CK, rather than from a single indicator. The search is guided by IoAs and known techniques. Which type of hunting is this?

Question 4
A hunter at a cloud provider opens an investigation after a specific malicious hash sparks interest, then pivots through related artifacts. The search begins from an indicator rather than from a predefined hypothesis. Which hunting type is described?

Question 5
A detection team documents its workflow: create a hypothesis, investigate with tools and techniques, uncover patterns, then enrich analytics for future detection. They want the name of the recognized four-stage cycle. Which framework is this?

Question 6
An analyst integrates intelligence directly into hunts using a three-phase methodology: initiate, hunt, and finalize. The approach is designed to make intelligence drive targeted investigations. Which methodology is being used?

Question 7
A hiring manager at a government agency defines requirements for a hunting role. She lists pattern recognition, knowledge of OS internals, data analysis, and familiarity with adversary TTPs. What is she defining?

Question 8
A SOC engineer wants to automate repetitive hunting queries and parse large log datasets programmatically. She selects a flexible, widely supported language with strong data libraries for this scripting. Which language is most commonly used?
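Questions 1 and 8 both describe the same practice: hunting queries written as code and re-run on a schedule against fresh telemetry. The script below is an added illustration of that practice, not part of the practice test or of any EC-Council material. It assumes a hypothetical JSON-lines event feed with fields such as `event`, `parent`, `image`, `cmd`, `src` and `outcome`; the log lines are constructed for the example, and the three hunts map to ATT&CK T1059.001, T1566.001/T1204.002 and T1110.

```python
"""Scheduled threat-hunting queries over JSON-lines telemetry (added example)."""
import json
import time
from collections import Counter

# Constructed sample telemetry, not real data. One JSON object per line;
# the field names are an assumption for this example.
SAMPLE_LOGS = [
    '{"ts":"2024-05-01T08:00:01Z","event":"process","host":"ws01","user":"alice",'
    '"parent":"explorer.exe","image":"chrome.exe","cmd":"chrome.exe --profile-directory=Default"}',
    '{"ts":"2024-05-01T08:00:05Z","event":"process","host":"ws01","user":"alice",'
    '"parent":"winword.exe","image":"cmd.exe","cmd":"cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"}',
    '{"ts":"2024-05-01T08:00:06Z","event":"process","host":"ws02","user":"bob",'
    '"parent":"svchost.exe","image":"powershell.exe","cmd":"powershell.exe -EncodedCommand VwByAGkAdABlAA=="}',
    '{"ts":"2024-05-01T08:01:30Z","event":"logon","host":"dc01","user":"admin","src":"10.0.0.9","outcome":"failure"}',
    '{"ts":"2024-05-01T08:01:31Z","event":"logon","host":"dc01","user":"admin","src":"10.0.0.7","outcome":"success"}',
    '{"ts":"2024-05-01T08:01:32Z",  this line is deliberately malformed',
]
# Six failed logons from one source within a minute, appended programmatically.
SAMPLE_LOGS += [
    json.dumps({"ts": f"2024-05-01T08:01:{i:02d}Z", "event": "logon", "host": "dc01",
                "user": "admin", "src": "10.0.0.7", "outcome": "failure"})
    for i in range(6)
]


def parse_events(lines):
    """Parse JSON lines; skip malformed records instead of aborting the whole run."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


ENCODED_FLAGS = {"-enc", "-encodedcommand", "-ec", "-e"}


def hunt_encoded_powershell(events):
    """ATT&CK T1059.001: PowerShell launched with a base64-encoded command."""
    hits = []
    for e in events:
        if e.get("event") != "process":
            continue
        cmd = e.get("cmd", "").lower()
        if "powershell" in cmd and ENCODED_FLAGS & set(cmd.split()):
            hits.append({"host": e["host"], "user": e["user"], "cmd": e["cmd"]})
    return hits


OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def hunt_office_spawns_shell(events):
    """ATT&CK T1566.001 / T1204.002: an Office process spawning a scripting shell."""
    return [
        {"host": e["host"], "user": e["user"], "parent": e["parent"], "image": e["image"]}
        for e in events
        if e.get("event") == "process"
        and e.get("parent", "").lower() in OFFICE_PARENTS
        and e.get("image", "").lower() in SHELL_CHILDREN
    ]


def hunt_logon_failure_burst(events, threshold=5):
    """ATT&CK T1110: many failed logons per (source, user); note a success from the same pair."""
    failures, successes = Counter(), set()
    for e in events:
        if e.get("event") != "logon":
            continue
        key = (e.get("src"), e.get("user"))
        if e.get("outcome") == "failure":
            failures[key] += 1
        elif e.get("outcome") == "success":
            successes.add(key)
    return [
        {"src": src, "user": user, "failures": n, "success_from_same_source": (src, user) in successes}
        for (src, user), n in failures.items() if n >= threshold
    ]


HUNTS = {
    "encoded_powershell": hunt_encoded_powershell,
    "office_spawns_shell": hunt_office_spawns_shell,
    "logon_failure_burst": hunt_logon_failure_burst,
}


def run_hunts(lines, hunts=HUNTS):
    """Run every registered hunt once over a batch of log lines."""
    events = parse_events(lines)
    return {name: hunt(events) for name, hunt in hunts.items()}


def run_on_schedule(fetch_lines, interval_seconds, iterations, sleep_fn=time.sleep):
    """Re-run all hunts every interval_seconds; fetch_lines returns the latest batch.
    sleep_fn is injectable so the loop can be exercised without real waiting."""
    results = []
    for i in range(iterations):
        results.append(run_hunts(fetch_lines()))
        if i < iterations - 1:
            sleep_fn(interval_seconds)
    return results


if __name__ == "__main__":
    for name, hits in run_hunts(SAMPLE_LOGS).items():
        print(f"{name}: {len(hits)} hit(s)")
        for h in hits:
            print("   ", h)
```

Each hunt is a plain function that takes parsed events and returns structured findings, so adding a hunt is one function plus one `HUNTS` entry, and the same `run_hunts` call can be driven by cron, a SIEM scheduler, or the `run_on_schedule` loop. Skipping malformed lines rather than raising is deliberate: one bad record must not silently cancel a whole scheduled run.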
Question 9
A manager evaluates automating routine hunts at an enterprise SOC. She wants analysts to focus on complex, novel investigations instead of repetitive tasks. What is the primary benefit she should expect?

Question 10
A new hunting team asks where a structured hunt should begin. The lead explains that it starts with an educated assumption about adversary presence that is then tested. Which element initiates the process?
