In a FSSO agentless polling mode solution, where must the collector agent be?
A. In any Windows server
B. In any of the AD domain controllers
C. In the master AD domain controller
D. The FortiGate device polls the AD domain controllers
In a FSSO agentless polling mode solution, where must the collector agent be?
A. In any Windows server
B. In any of the AD domain controllers
C. In the master AD domain controller
D. The FortiGate device polls the AD domain controllers
Agentless polling mode operates in a similar way to WinSecLog, but with only two event IDs: 4768 and 4769.
Because there’s no collector agent, FortiGate uses the SMB protocol to read the event viewer logs from the
DCs.
In agentless polling mode, FortiGate acts as a collector. It is responsible for polling on top of its normal FSSO
tasks but does not have all the extra features, such as workstation checks, that are available with the external
collector agent.
Why isn’t it B? The agent is to be installed on the domain controller. It doesn’t say master. The fortigate has to poll a DC with the agent on it.