NSE 4 – FortiGate 6.0 — Question 5
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)
Answer options
- A. The NetSessionEnum function is used to track user logoffs.
- B. WMI polling can increase bandwidth usage in large networks.
- C. The collector agent uses a Windows API to query DCs for user logins.
- D. The collector agent do not need to search any security event logs.
Correct answer: B, C
Explanation
Option B is correct because WMI polling can lead to increased bandwidth usage, especially in larger networks that generate more data. Option C is also correct as the collector agent uses a Windows API to perform queries on Domain Controllers for user login information. Options A and D are incorrect because they either misrepresent the functions of the NetSessionEnum or incorrectly state the collector agent's need regarding security event logs.