Which of the following statements are correct about NTLM authentication? (Choose three)
A. NTLM negotiation starts between the FortiGate device and the user’s browser.
B. It must be supported by the user’s browser.
C. It must be supported by the domain controllers.
D. It does not require a collector agent.
E. It does not require DC agents.
A and E: See FortiGate_Security_6.2_Study_Guide-Online, page 252,
B: See FortiGate_Security_6.2_Study_Guide-Online, page 254.
ABC
Is wrong, the answer is: ADE.
I read in NSE4, Module II, Chapter 7
Interesting though as answer “B” is correct as well.
E is wrong:
Starting with MR3, FortiOS 3.0 supports integration with an Active Directory (AD) environment that employs NTLM messaging to provide authentication where the Fortinet Server Authentication Extension (FSAE) cannot be employed on all domain controllers. The controller agent must still be installed on at least one domain controller.
right. proved as well