






A valuable set of questions and answers covering key concepts in Tanium Essentials. It is designed to help students prepare for the 2025 exam by testing their understanding of Tanium's features, including Connect, Trends, Enforce, Reveal, Threat Response, Patch, Deploy, Interact, Discover, Map, Asset, and Comply. The questions cover various aspects of each module, making it a useful study resource for anyone learning about Tanium.
Typology: Exams
Q: Which Connect destination is exclusive to on-prem instances of Tanium?
A: File

Q: Which of the following is NOT a use case for Trends?
A: Proactively identify endpoint performance issues

Q: Which element in Trends allows you to see endpoint data in a visual format (pie chart, for example)?
A: Panel

Q: As a best practice, you should avoid scheduled connections that overlap
A: True

Q: Which of the following are chart types available within Trends?
A: Donut, Area, Vertical Bar

Q: Which of the following is NOT a use case for Connect?
A: Deploy actions to make changes on endpoints, such as uninstalling a problematic application

Q: Which of the following is NOT a use case for Enforce?
A: Detect endpoints with unsanctioned customer data

Q: What conditions must be defined when creating a Reveal rule?
A: Pattern and Action

Q: Impact scores appear in Threat Response to help prioritize remediation for alerts
A: True

Q: After a remediation Enforce policy is created, it is enforced on a Filter Group
A: False

Q: Threat Engine can perform real-time detection and alerting using which of the following?
A: Signals

Q: Regarding Impact, which of the following represents how far an attacker could move if an account or asset were compromised?
A: Outbound count

Q: What does the shortest path represent in Impact?
A: The quickest way to user rights or endpoint access

Q: By default, _________ worth of data is retained in the endpoint database for Map, endpoint maps, and application maps
A: 24 hours'

Q: Which steps can you perform when creating patch lists?
A: You can create rules to automatically select patches and add them to the list
A: You can first specify the platform OS, choices included Windows and Linux
A: You can select from the list of available patches

Q: When creating a database source in Asset, a best practice is to set a primary key field in the source table that maps to a unique field in Asset, like Serial Number or Computer Name
A: True

Q: Which feature is useful to help build complex Interact questions using a guided graphical interface?
A: Question builder

Q: Which of the following is NOT a use case for Interact?
A: Remove unwanted software

Q: Which Interact result message indicates that the client is busy?
A: Current result unavailable

Q: Which of the following is a key benefit of Tanium's Linear Chain architecture?
A: Reduced WAN Traffic saves costs

Q: Why does Tanium use zone servers?
A: Adds an extra communication step for security

Q: Which of the following contains a set of instructions for altering an endpoint's behavior?
A: Package

Q: Which of the following is set up in Comply to target and continuously scan endpoints to gather data?
A: Assessments

Q: Which of the following is NOT a use case for Impact?
A: Gain full visibility to the environment and deliver software at speed and scale

Q: Reveal Quick Search is used to group rules together and assign them to specific groups of endpoints

Send inventory information to Splunk for correlation with security events

Q: Select the description that best fits the APPLICATION COMPONENTS TAB on Map's Application Discovery page
A: Provides details about the processes hosting the connections for each application component

Q: What is the purpose of Tanium Discover?
A: Find unmanaged devices and bring them under control

Q: To install Map tools on endpoints, the endpoints must ______.
A: Be included in the Map action group

Q: In Asset, the key difference between views and reports is that reports are optimized for programmatic integration, whereas views are optimized for interactive viewing, sorting, and filtering
A: False

Q: Basic Interact questions are comprised of which two fundamental parts?
A: Data to be collected; Devices to answer

Q: Identify which item is a Connect destination?
A: Splunk

Q: What is a "source" in the context of the Trends module?
A: A collection of sensors that define a saved question

Q: Which of the following is NOT a use case for Impact?
A: Gain full visibility to the environment and deliver software at speed and scale

Q: Which of the following is NOT a use case for Integrity Monitor?
A: Harden specific assets against lateral attack

Q: Comply findings can be exported by using Tanium Connect
A: True

Q: Which of the following is NOT a use case for Reveal?
A: Generate simple, comprehensive status reports

Q: In Enforce, a DENY APPROACH is to block an application by __________.
A: Path, hash, or publisher

Q: If you do NOT define any Integrity Monitor path exclusions, all files and directories in the path are watched for the configured change types
A: False

Q: Asset's Software Inventory & Usage feature allows you to track the following data for software applications in your environment
A: Pending Usage Unused Installations Used

Q: Which of the following is NOT a use case for Map?
A: Report on overall patch compliance

Q: Which of the following is NOT a use case for Asset?
A: Analyze impact of software and changes in the environment

Q: Which of the following is not a use case for Threat Response?
A: Find root cause of excessive administrative rights

Q: Map's application discovery process halts and is considered completed after all connections and tiers have been discovered
A: True

Q: In Patch, for Windows and Linux deployments, all patch files are delivered by Tanium
A: False

Q: Which of the following is NOT a use case for Discover?
A: Send inventory information to Splunk for correlation with security events

Q: __________ and __________ determine what data is populated in Asset, and can be the columns that are included in reports.
A: Entities and Attributes