NSE4 · Question #52
NSE4 Question #52: Real Exam Question with Answer & Explanation
The correct answer is B: An FSSO domain controller agent must be installed on every domain controller.. In FSSO agent mode, a DC agent must be present on every domain controller to monitor login events, which are then sent to a central collector agent for processing and transmission to the FortiGate.
Question
FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory. Which of the following statements are correct regarding FSSO in a Windows domain environment when agent mode is used? (Choose two.)
Options
- AAn FSSO collector agent must be installed on every domain controller.
- BAn FSSO domain controller agent must be installed on every domain controller.
- CThe FSSO domain controller agent will regularly update user logon information on the FortiGate
- DThe FSSO collector agent will receive user logon information from the domain controller agent
Explanation
In FSSO agent mode, a DC agent must be present on every domain controller to monitor login events, which are then sent to a central collector agent for processing and transmission to the FortiGate.
Common mistakes.
- A. The FSSO Collector Agent is typically installed on a single dedicated server or one domain controller, not necessarily on every domain controller.
- C. The FSSO domain controller agent forwards logon information to the FSSO Collector Agent, which then updates the FortiGate, rather than the DC agent directly updating the FortiGate.
Concept tested. FSSO Agent Mode architecture
Topics
Community Discussion
No community discussion yet for this question.