Which statements about FSSO in a Windows domain with agent mode are correct?

The statement that a domain controller agent updates login info regularly is correct because in agent mode of Fortinet Single Sign-On (FSSO), the domain controller agent plays a crucial role in collecting user authentication information. This agent is installed on the domain controller and is responsible for monitoring logon events, which it captures and processes. The agent continuously polls the Windows log files for any new login events and updates the information regularly to the FortiGate device. This real-time update mechanism is essential for ensuring that the firewall has the most current user authentication data to make accurate access control decisions.

While a collector agent can be involved in the workflow, it is not necessarily required on all domain controllers, and a dedicated collector agent does not need to be installed for each agent. Furthermore, while agent mode does reduce the need for DNS lookups by leveraging the information directly from the domain controller, certain functionalities or configurations might still necessitate DNS queries in specific scenarios. Thus, these details underscore the importance of the domain controller agent in maintaining up-to-date login information in the FSSO framework.