Free · 6 practice questions · Cybersecurity

GIAC Cyber Threat Intelligence (GCTI) practice questions.

6 scenario-based questions covering every domain on the exam blueprint. Original DecipherU writing with primary-source citations, not exam-question mimicry. Free to read. Pair with the $147 cert-prep add-on for domain reviews and exam-day strategy.

Read the GIAC Cyber Threat Intelligence (GCTI) exam overview See parent course

Layered on threat intelligence fundamentals

GIAC Cyber Threat Intelligence (GCTI) Exam Prep Add-On

GIAC Cyber Threat Intelligence (GCTI) exam-ready ramp on top of Threat Intelligence Fundamentals. Domain reviews mapped to the official GIAC outline, open-book index development support, and three full-length mock exams.

Buy the prep · $147 See parent course

Question 1 of 6Domain · Models and Frameworks

An analyst is mapping a phishing-driven intrusion to the Cyber Kill Chain. The threat actor sent a spear-phishing email with a malicious attachment that, when opened, exploited a Word vulnerability and dropped a beacon. Which Kill Chain phase covers the act of opening the attachment and triggering the exploit?

Pick a letter to enable reveal

Question 2 of 6Domain · Models and Frameworks

In the Diamond Model, an analyst links a campaign across multiple victims using a shared C2 domain registered to the same email address. Which Diamond Model vertex did the analyst use as the pivot?

Pick a letter to enable reveal

Question 3 of 6Domain · Threat Actor Analysis and Attribution

Two vendors publish reports on a campaign with overlapping techniques. CrowdStrike refers to the group as 'COZY BEAR' and Microsoft refers to it as 'MIDNIGHT BLIZZARD' (formerly 'NOBELIUM'). Which framework consolidates these naming conventions and provides a vendor-neutral identifier?

Pick a letter to enable reveal

Question 4 of 6Domain · Analytic Techniques

An analyst is testing two competing hypotheses about the actor behind a campaign. Which structured analytic technique is designed specifically to weigh evidence against multiple hypotheses without anchoring on the first plausible one?

Pick a letter to enable reveal

Question 5 of 6Domain · Reporting and Dissemination

An analyst writes a strategic-level intelligence report. The executive summary states: 'We assess with high confidence that the threat actor will continue targeting financial-sector firms over the next 6 to 12 months.' Which ICD 203 element does the phrase 'with high confidence' satisfy?

Pick a letter to enable reveal

Question 6 of 6Domain · CTI Lifecycle and Tradecraft

A new CTI program is establishing Priority Intelligence Requirements (PIRs). Which option best describes what PIRs are?

Pick a letter to enable reveal

Liked these 6? Get the full prep.

GIAC Cyber Threat Intelligence (GCTI) Exam Prep Add-On

Adds exam-blueprint domain reviews, exam-day strategy, the authorized study resources, and the gated practice scenarios behind purchase. $147 on top of the parent course. Verified against the official blueprint 2026-05-22.

Buy the prep · $147 Today's daily question

Other cert practice sets. Sixteen more cert-prep modules ship with practice question sets:

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.

By subscribing you agree to our privacy policy. Unsubscribe anytime.