Comprehensive Questions and Answers –
Complete Certification (A+ Assessment).
Comprehensive 70-Question Study Guide with Verified Solutions
Exam Specifications:
• Total Questions: 70 (55 Multiple Choice + 10 Scenario-Based + 5 Drag-and-Drop)
• Passing Score: 90 a%
• Time Allowed: 90 minutes
• Prerequisites: None (Recommended: Tanium Essentials Course + 3-6 months
experience)
DOMAIN I: TANIUM ARCHITECTURE & COMPONENTS (12 Questions)
Question 1 (Multiple Choice)
Which component receives requests from Tanium Clients and forwards them to the Tanium
Server?
A. Tanium Module Server
B. Tanium Zone Server ✓
C. Tanium Interact
D. Tanium Client itself
Rationale: The Zone Server acts as a relay between Clients and Server, especially in DMZ,
remote offices, and untrusted networks. Clients connect outbound to the Zone Server (port
17472), which then communicates with the Tanium Server. No inbound firewall rules are
required on the client side.
Question 2 (Multiple Choice)
Which protocol does the Tanium Client use to communicate with the Tanium Server/Zone
Server?
A. HTTPS (TCP 443)
B. SNMP
,C. Tanium Adaptive Message Protocol (TAMP) ✓
D. ICMP
Rationale: TAMP is Tanium's proprietary protocol over port 17472 (default). HTTPS (443)
is reserved for admin console and API access. The client initiates all connections
outbound—no inbound listener is required.
Question 3 (Multiple Choice)
What is the default Tanium Client polling interval?
A. 60 seconds ✓
B. 300 seconds
C. 900 seconds
D. 30 seconds
Rationale: The client asks the server "Do you have anything for me?" every 60 seconds by
default. This can be tuned based on network conditions and endpoint count.
Question 4 (Multiple Choice)
The Tanium Module Server is responsible for:
A. Proxying client traffic from remote networks
B. Hosting the web-based console
C. Hosting module content (sensors, packages, actions) ✓
D. Storing all endpoint data and results
Rationale: The Module Server hosts the content for Tanium modules (Interact, Trends,
Patch, IR, etc.). The Tanium Server handles processing, results storage, and console hosting.
Question 5 (Multiple Choice)
Which statement about Tanium Client firewall requirements is TRUE?
A. Inbound port 17472 must be open on endpoints
B. Inbound port 443 must be open on endpoints
C. No inbound firewall rules are required; the client initiates all connections
outbound ✓
D. Both inbound and outbound rules are required on port 22
, Rationale: The Tanium Client is designed for zero inbound firewall requirements. All
communication is initiated outbound from the client to the Zone Server or Tanium Server.
Question 6 (Multiple Choice)
Which component hosts the Tanium web-based administration console?
A. Tanium Zone Server
B. Tanium Server ✓
C. Tanium Module Server
D. Tanium Client
Rationale: The Tanium Server hosts the web console (HTTPS 443) where administrators
ask questions, deploy actions, and manage the platform.
Question 7 (Multiple Choice)
A company has endpoints on vendor networks with no VPN. Which architecture component
should be deployed?
A. Additional Tanium Server
B. Tanium Module Server
C. Tanium Zone Server ✓
D. Tanium Client with custom certificate
Rationale: The Zone Server is designed for untrusted networks (DMZ, vendor networks,
internet-connected roaming devices). It proxies traffic securely without requiring direct
server access.
Question 8 (Multiple Choice)
What authentication mechanism does the Tanium Client use when communicating with the
server?
A. Username/password
B. API token
C. Machine certificate (TLS) ✓
D. Kerberos ticket
Rationale: Tanium Clients use machine certificates for mutual TLS authentication. This
ensures only authorized clients can communicate with the infrastructure.