"Also, advanced mode supports nested or inherited groups; that is, users can be members of subgroups that belong to monitored parent groups." "In advanced mode, you can configure FortiGate as an LDAP client and configure the group filters on FortiGate. You can also configure group filters on the collector agent."
Collector Agent Advanced Mode provides deeper integration between FortiGate, LDAP, and Active Directory, compared to standard mode.
Key features of Collector Agent Advanced Mode
B. FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.
Correct
In advanced mode:
FortiGate directly queries LDAP/AD
User group filters are configured on FortiGate, not only on the Collector Agent
This allows more flexible and scalable user/group-based policies
D. Advanced mode supports nested or inherited groups.
Correct
Advanced mode supports:
Nested AD groups
Inherited group memberships
This is one of the primary reasons advanced mode is used in complex AD environments
Why the other options are incorrect
A. Security profiles only to user groups
Incorrect.
Security profiles can be applied to users or groups, depending on policy configuration.
C. Uses NetBIOS Domain\Username format
Incorrect.
NetBIOS naming is associated with standard mode
Advanced mode typically uses LDAP DN-based identification
