GCTI Practice Questions: Fundamentals of CTI Domain
Master the Fundamentals of CTI Domain
Test your knowledge in the Fundamentals of CTI domain with these 10 practice questions. Each question is designed to help you prepare for the GCTI certification exam with detailed explanations to reinforce your learning.
Question 1
An intelligence report indicates that a new ransomware variant is spreading via a known command and control (C2) infrastructure. Which type of intelligence requirement should be prioritized to effectively counter this threat?
Correct Answer: C
Explanation: Tactical Intelligence Requirements focus on immediate, actionable information that can be used to defend against specific threats, such as the technical details of the ransomware and its C2 infrastructure. Strategic (A) involves long-term trends and impacts, Operational (B) involves planning and decision-making processes, and Environmental (D) is not a standard category in CTI.
Question 2
An organization is developing a CTI report for executive stakeholders. Which type of intelligence product format is most appropriate for this audience?
Correct Answer: C
Explanation: Strategic intelligence is most appropriate for executive stakeholders as it provides a high-level overview of threats, trends, and potential impacts on the organization. Tactical intelligence is more detailed and action-oriented, operational intelligence focuses on specific operations, and technical intelligence delves into technical details, which may not be suitable for an executive audience.
Question 3
A financial institution has been experiencing targeted phishing attacks aimed at its executives. The threat actor uses spear-phishing emails with malicious attachments to gain initial access. Which phase of the Cyber Kill Chain does this activity best represent?
Correct Answer: C
Explanation: The Delivery phase of the Cyber Kill Chain involves the transmission of the weapon to the intended victim. In this scenario, the spear-phishing emails with malicious attachments are the method of delivery. Reconnaissance (A) would involve gathering information about the target, Weaponization (B) involves creating the malicious payload, and Exploitation (D) occurs after the delivery when the malicious payload is executed.
Question 4
During a CTI analysis, an analyst encounters cognitive bias when assessing the likelihood of a threat actor targeting their organization. Which strategy should the analyst employ to mitigate this bias?
Correct Answer: B
Explanation: To mitigate cognitive bias, it is important to seek peer reviews and consider diverse perspectives. This helps to challenge assumptions and provides a more balanced view. Relying solely on historical data or recent reports can reinforce existing biases, while intuition alone is not a reliable method for analysis.
Question 5
A cybersecurity analyst is tasked with profiling a threat actor group that has been targeting financial institutions. The group is known for using spear-phishing emails with malicious attachments to gain initial access. Which CTI framework would be most beneficial for analyzing the tactics, techniques, and procedures (TTPs) of this group?
Correct Answer: A
Explanation: MITRE ATT&CK is a comprehensive framework that provides a detailed matrix of tactics and techniques used by threat actors. It is particularly useful for analyzing the TTPs of specific groups. The Cyber Kill Chain is more focused on the stages of an attack, while the Diamond Model is useful for understanding the relationships between adversaries, capabilities, infrastructure, and victims. STIX/TAXII is a standard for sharing threat intelligence but does not provide a framework for analyzing TTPs.
Question 6
A CTI analyst receives a report indicating a new threat actor has been using a specific malware strain. To understand the actor's motivations and targets, which CTI framework should the analyst consult?
Correct Answer: C
Explanation: The Diamond Model is particularly useful for understanding the motivations and relationships between adversaries, capabilities, infrastructure, and victims. While MITRE ATT&CK provides details on tactics and techniques, it is not specifically designed for motivation analysis. STIX/TAXII is for sharing intelligence, and the Cyber Kill Chain focuses on the stages of an attack.
Question 7
A CTI analyst is tasked with developing intelligence requirements for a multinational corporation. What is the first step in the intelligence lifecycle to ensure these requirements are effective?
Correct Answer: C
Explanation: The Planning and Direction phase is the first step in the intelligence lifecycle and involves defining intelligence requirements and determining the necessary actions to address them. Collection (A), Analysis (B), and Dissemination (D) follow after the planning phase, each addressing different aspects of the intelligence process.
Question 8
An intelligence analyst is tasked with developing intelligence requirements for a new CTI program. Which of the following is the most critical step in this process?
Correct Answer: A
Explanation: Identifying key stakeholders and understanding their information needs is critical for developing effective intelligence requirements. This ensures that the intelligence produced is relevant and actionable. Collecting data and implementing systems are important but should be guided by clear requirements. Focusing only on known threat actors may overlook emerging threats.
Question 9
An analyst is tasked with correlating indicators of compromise (IOCs) from a recent intrusion. Which of the following tools would be most effective for this task?
Correct Answer: A
Explanation: VirusTotal is a tool that allows analysts to check IOCs against a large database of malware samples, providing insights into whether a file or URL is malicious. Shodan is used for discovering internet-connected devices, Maltego is a tool for link analysis, and PassiveTotal is used for analyzing DNS and domain information.
Question 10
A threat intelligence team is using the STIX/TAXII framework to share intelligence about a newly discovered malware campaign. What is the primary benefit of using this framework for sharing threat intelligence?
Correct Answer: B
Explanation: STIX (Structured Threat Information Expression) and TAXII (Trusted Automated Exchange of Indicator Information) are standards for representing and exchanging threat information in a structured and automated manner. This allows organizations to efficiently share and consume threat intelligence. While confidentiality (A) is essential, it is not the primary focus of STIX/TAXII. Real-time mitigation (C) and manual analysis (D) are not direct benefits of the framework.
About GCTI Certification
The GCTI certification validates your expertise in Fundamentals of CTI and other critical domains. Our comprehensive practice questions are carefully crafted to mirror the actual exam experience and help you identify knowledge gaps before test day.