Which capability is not part of Tanium Threat Response?

• A. Firmware updates across the fleet.
• B. Real-time endpoint visibility.
• C. Containment actions.
• D. Guided investigation workflows.

Answer: (A)

Firmware updates across the fleet is not part of Tanium Threat Response. Threat Response is focused on incident-driven actions: providing real-time endpoint visibility to understand what’s happening, executing containment actions to stop spread and preserve evidence, and guiding investigators through structured workflows to analyze and remediate threats. Firmware updates are a maintenance or patch-management activity—deploying low-level device firmware across many endpoints—which falls outside the incident-response set of capabilities. In practice, firmware management is handled by other Tanium modules or tools, while Threat Response handles detection, containment, investigation, and targeted remediation on the host level.