EC-Council CTIA Module 2.2 Practice Test 002

This practice test covers Module 2 (Cyber Threats and Attack Frameworks) Sub-module 2 (Advanced Persistent Threats).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 2.2 Practice Test 002

10 questions • Single best answer

Question 1

An analyst at a defense contractor describes an adversary that infiltrated quietly and kept covert access for months while stealing data. The group is well-funded and highly targeted. Which threat class is this?

A. Script kiddie B. Commodity malware C. Advanced Persistent Threat D. Adware

Question 2

What most distinguishes this adversary from opportunistic attacks is its long-term, stealthy presence inside the network. The group deliberately avoids detection. Which characteristic is emphasized?

A. Long-term stealthy persistence B. Loud smash-and-grab C. Random untargeted spread D. No resources

Question 3

Before any intrusion, the group studies the target, harvesting employee names, emails, and exposed services. This information-gathering precedes the attack. Which phase is this?

A. Exfiltration B. Reconnaissance C. Lateral movement D. Cleanup

Question 4

After research, the group sends a spear-phishing email that, when opened, grants its first access. This breach establishes entry. Which phase does this represent?

A. Internal recon B. Privilege escalation C. Exfiltration D. Initial compromise

Question 5

Having gained entry, attackers install backdoors and create accounts to ensure they can return even if one path closes. Which phase is this?

A. Reconnaissance B. Exfiltration C. Establishing a foothold D. Initial recon

Question 6

To reach sensitive systems, the attackers exploit a flaw to obtain administrator rights from a standard account. Which phase does this describe?

A. Privilege escalation B. Dissemination C. Reconnaissance D. Cleanup

Question 7

With elevated access, the group pivots from the initial host to other servers, expanding control across the network. Which phase is this?

A. Initial access B. Reconnaissance C. Weaponization D. Lateral movement

Question 8

Having located the target data, the attackers quietly transfer it out to external servers, completing the mission. Which phase is described?

A. Initial compromise B. Data exfiltration C. Reconnaissance D. Foothold

Question 9

Analysts link tooling, infrastructure, and TTPs to a known state-sponsored group to identify who is responsible. What analytic activity is this?

A. Patching B. Sandboxing C. Threat attribution D. Encryption

Question 10

Unlike a lone amateur, this adversary has sustained funding, skilled operators, and custom malware. Which trait does this indicate?

A. Well-resourced and sophisticated B. Untargeted and cheap C. Noisy and careless D. Short-lived

EC-Council CTIA Module 2.2 Practice Test 002

Related Posts

Leave a Comment Cancel Reply