Agentless Polling Mode
Similar to agent-based polling, but FortiGate polls instead
Doesn't require an external DC agent or collector agent
FortiGate collects data directly
Event logging must be enabled on the DCs
More CPU and RAM required by FortiGate
Support for polling option WinSecLog only
FortiGate uses SMB TCP 445 protocol to read the event viewer logs
Fewer available features than collector agent-based polling mode
FortiGate doesn't poll workstations
"FortiGate uses the SMB protocol to read the event viewer logs"
"FortiGate doesn't poll workstation. Workstation verification is not available in agentless polling mode"
Agentless polling mode operates in a similar way to WinSecLog, but with only two event IDs: 4768 and 4769. Because there’s no collector agent, FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
In agentless polling mode, FortiGate acts as a collector. It is responsible for polling on top of its normal FSSO tasks but does not have all the extra features, such as workstation checks, that are available with the external collector agent.
FortiGate Infrastructure 7.2 Study Guide P.130
Pg 272 Inf study guide:
Because there’s no collector agent, FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
In agentless polling mode, FortiGate acts as a collector. It is responsible for polling on top of its normal FSSO tasks but does not have all the extra features, such as workstation checks, that are available with the external collector agent.
BC 100%. It asks for AgentLESS, see https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-FSSO-agentless-polling/ta-p/214349. And check NSE5 FortiClient EMS.
FSSO (Fortinet Single Sign-On) agentless polling mode is a method used by Fortinet devices, such as FortiGate firewalls, to collect user authentication information from Microsoft Active Directory (AD) servers.
In agentless polling mode, FortiGate reads the event viewer logs directly from the domain controllers (DCs) using the SMB protocol. The event viewer logs contain information about user logins, logouts, and other authentication events.
The FSSO collector agent is not required in agentless polling mode, as FortiGate directly reads the event viewer logs from the DCs. This reduces the configuration complexity and overhead associated with deploying a collector agent on the network.
FortiGate uses the collected authentication information to apply security policies and provide user-based reporting. This allows Fortinet devices to enforce granular policies based on user identity, rather than just IP addresses.
Page 257 student guide infrastructure 7.0 => FortiGate uses the SMB protocol to read the event viewer logs from the DCs. Workstation verification is not available in agentless polling mode. FortiGate acts as a collector. It's responsible for polling on top of its normal FSSO tasks but does not have all the extra features, such as workstation checks, that are available with the external collector agent.