Refer to the exhibit, which shows a partial output of the fssod daemon real-time debug command.

What two conclusions can you draw from the output? (Choose two.)

1. A. The workstation with IP 10.124.2.90 will be polled frequently using TCP port 445 to see if the user is still logged on.
2. B. The logon event can be seen on the collector agent installed on Windows.
3. C. FSSO is using DC agent mode to detect logon events.
4. D. FSSO is using agentless polling mode to detect logon events.

Correct Answer: AD
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-FSSO-agentless-polling/ta-p/214349
From the snippet we can see that FortiGate (via the fssod daemon) is directly detecting the user logon rather than relying on a separate ??collector?? or ??DC agent.?? This indicates agentless polling—FortiGate polls the DC??s event logs over TCP 445 to discover logons. So: - FSSO is using agentless polling mode to detect logon events - In agentless mode, FortiGate will periodically poll the same IP (the DC) on port 445 to see if the user is still logged on

Refer to the exhibit, which shows the output of a policy route table entry.

Which type of policy route does the output show?

1. A. An ISDB route
2. B. A regular policy route
3. C. A regular policy route, which is associated with an active static route in the FIB
4. D. An SD-WAN rule

Correct Answer: A

An administrator wants to capture encrypted phase 2 traffic between two FotiGate devices using the built-in sniffer.
If the administrator knows that there Is no NAT device located between both FortiGate devices, which command should the administrator run?

1. A. diagnose sniffer packet any 'udp port 500'
2. B. diagnose sniffer packet any 'lp proto 50'
3. C. diagnose sniffer packet any 'udp port 4500'
4. D. diagnose sniffer packet any 'ah'

Correct Answer: B

Refer to the exhibit.

The exhibit shows the output from using the command diagnose debug application samld -1 to diagnose a SAML connection.
Based on this output, what can you conclude?
A. Active Directory is used for authentication.
B. The authentication request is for an SSL VPN connection.
C. The IdP IP address is 10.1.10.254.
D. The IdP IP address is 10.1.10.2.

1. A.

Correct Answer: D

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session information for ICMP traffic.

What happens to the session information if a routing change occurs that affects this session?
A. Only the interface and gateway information for dev=7 will be removed.
B. The session information will not change unless the current route has been removed from the routing table.
C. The session will be flagged as dirty but no route lookups will be performed.
D. Sessions involving port7 or port19 will not have their routing information flushed.

1. A.

Correct Answer: B