Which statement is one disadvantage of using FSSO NetAPI polling mode over FSSO Security Event Log (WinSecLog) polling mode?

The statement indicating that using FSSO NetAPI polling mode may miss some logon events accurately highlights a disadvantage of this method. FSSO (Fortinet Single Sign-On) operates through various modes to capture user activity for authentication and access control. In the NetAPI polling mode, the polling is done at specific intervals, which means that there could be scenarios where logon events occurring between the polling intervals could be overlooked. This can lead to gaps in the logon data that is captured, potentially affecting security monitoring and reporting.

In contrast, FSSO Security Event Log polling mode captures logon events from the event logs on Windows servers in real-time, significantly reducing the chance of missing any events. Therefore, FSSO NetAPI polling mode is less reliable concerning real-time log monitoring, specifically regarding logon events that occur outside of the polling intervals.

The other aspects, such as requiring a DC agent, running slower, or needing DNS access, pertain to different challenges and requirements that do not directly relate to the consistent capture of logon events. However, the potential for missed logon events is a fundamental concern for continuous security monitoring, making it a critical disadvantage of the NetAPI polling mode.