What are two features of FortiGate FSSO agentless polling mode?

The feature that FortiGate uses the SMB protocol to read the event viewer logs from the Domain Controllers (DCs) in agentless polling mode is accurate because this method allows FortiGate to effectively gather user authentication information without deploying an agent on each workstation. In agentless mode, the FortiGate device leverages SMB to access and read Windows event logs directly, which contain valuable information regarding user logins and authentications. This capability enables the firewall to retrieve user information for security policies and auditing purposes effectively.

In contrast, while real-time user authentication, workstation checks, and LDAP for user management are relevant features in user authentication contexts, they do not specifically apply to the polling mode of the FSSO. Agentless polling primarily focuses on event log reading using protocols like SMB rather than establishing real-time connections or leveraging LDAP directly for user management. Hence, the selection of the feature regarding the use of the SMB protocol reflects a correct understanding of how FortiGate operates in the specific context of FSSO agentless polling mode.