Okta-Certified-Administrator Practice Exam Questions with Answers Okta Certified Administrator Exam Certification

Regarding policies, Okta recommends:

Solution: Include a final catch-all rule that denies access to anything that does not match any of the preceding rules

Speaking of Okta Template App and Okta Pluin Template App, which of the following RegEx can you create for an allow list of URLS so that both endpoints for /login or /change_password are accepted under example.com domain?

Solution: https://example*.com/(login|change_password)

As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.

Solution: Both statements are true

Regarding policies, Okta recommends:

Solution: To include a policy rule that catches not wanted behaviors as a first priority and then label others for permitted behaviors

When a user's Okta password is changed:

Solution: All apps that are Provisioning-enabled and have Update Attributes option active under Provisioning settings - will begin to sync the password in respective apps, as password is an attribute of their profile - but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password

There might be specific AD attributes, which - apart from others - do not appear in the Okta user profile. Can those extra attributes be mapped and provisioned towards an app?

Solution: Yes, but you need to have a SAML 2.0 integrated app or such flow

With Okta Retention Policy, App generated data and reporting based on log data older than how many months is automatically removed (not considering the Backup Data)?

Solution: 3 months

Whenever you make an API call, you will then get back:

Solution: Okta events under '/events' endpoint

After you turn on Desktop SSO, a default DSSO related routing rule is created. You must configure the network information for this rule.

Solution: You have nothing to do and even the rule is by default set to "Active"

When using Okta Expression Language, which variable type results out of this Okta Expression? isMemberOfGroup("groupId")

Solution: Graph

When you call a GET API call for users / groups / and other such objects, the response is usually Paginated, in case these are a lot of objects returned. What do you do in order to retrieve all objects?

Solution: You call the very same API with the help of a different token, hence will return the next page of objects

As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.

Solution: Only the second statement is true

Any ... 's credentials verified under "Test API credentials" in an Office365 app integration can allow Okta API integration with Office 365 - permissions which once successfully granted will be used by Okta used for Provisioning related tasks

Solution: Okta Super Administrator

Whenever you make an API call, you will then get back:

Solution: Response headers

Okta AD Agents can be successfully and completely configured by:

Solution: Read-only administrators

Okta has a json representation of objects such as 'users', json schema interchanged on API calls, as an example, but what about the format of information regarding of a user going to a SCIM server for creating the user in an On Premises application?

Solution: Format stays the same: json

When using Okta Expression Language, which variable type results out of this Okta Expression? isMemberOfGroup("groupId")

Solution: Array

Which of the following is / are true?

Solution: If an MFA factor is set to 'required' and another MFA factor set to 'optional', then users can enroll into both factors, but then can use only the first one for successful logins

You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?

Solution: That when re-enabling IWA DDSO the Identity Provider (IDP) routing rules must be manually reactivated

Speaking of Okta Template App and Okta Pluin Template App, which of the following RegEx can you create for an allow list of URLS so that both endpoints for /login or /change_password are accepted under example.com domain?

Solution: https://example.com/(login|change_password)

In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?

Solution: In 'Provisioning', CRUD stands for Create, Read, Upload, Deprovision

Which is a / are best-practice(s) in a SAML 2.0 situation?

Solution: To not link your admin user from the SP via SAML with a user from Okta, if the app (SP) does not provide a SAML bypass URL

What does SCIM stand for?

Solution: System for Cross-domain Identity Management

When a user's Okta password is changed:

Solution: All apps that are Provisioning-enabled and have Sync Password option active under Provisioning settings - will begin to sync the password in respective apps

Once brought into Okta, LDAP roles are represented as:

Solution: Groups

With agentless DSSO (Desktop Single Sign-on), you still have a need of deploying IWA Agents in your Active Directory domains to implement DSSO functionality.

Solution: The statement is true, as agentless DSSO means no AD agents, not no IWA agents

Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?

Solution: Only for Sign On policies you have such granularity

Which of the following is / are true?

Solution: If an MFA factor is set to 'required' and another MFA factor set to 'disabled', then users can choose between the two factors when enrolling, but then can use only the first one for successful logins

Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using:

Solution: The OAuth 2.0 standard

When using Okta Expression Language, which of the following will have the output: okta.com

Solution: String.substring("abc@okta.com", "@")

With Okta Retention Policy, App generated data and reporting based on log data older than how many months is automatically removed (not considering the Backup Data)?

Solution: This data is never removed, as per GDPR

When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in

Solution: Statement is true

When does Okta bring LDAP groups into Okta?

Solution: Only during LDAP JIT

The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.

Solution: The statement is true