Okta Administrator Certification Flashcards
Which Okta administrator role can promote a regular user to Read-Only Administrator?
A: Super Administrator.
Which method can an administrator use to create a read-only API token?
A: Log on as Read-Only Administrator and create an API token.
Which component is a minimum prerequisite for deploying On Prem Desktop SSO in a company?
A: Properly Installed Okta Active Directory Agent.
Which sign-on method should be used to configure SSO for a web app that does NOT support federation?
A: SWA.
Which statement is true about mappings with Universal Directory?
A: It supports SpEL functions for transforming data attributes.
Which system log query can an administrator run to check on deleted API tokens?
A: eventType eq “system.api_token.revoke”.
What is protected by API rate limits?
A: The Okta service from load spikes or service interrupts.
What is a best practice when configuring high availability for the Okta Active Directory (AD) Agent?
A: Set up two or more Active DIrectory Agents for each domain.
What does an administrator need from an SP to configure a SAML-enabled application that is NOT part of the OIN?
A: SAML Metadata.
At logon, users can authenticate with Delegated Authentication, but functions like reset password do NOT work. Why?
A: An administrator has not set up password reset capability.
Which feature should be configured to ensure users are prompted for MFA every time they access a specific application?
A: Application Sign-on policy.
Which Okta feature can be used to determine whether a user should have access to an application?
A: Application Access Audit Report.
Which expression correctly transforms a username to this format: firstname.lastname@okta.com?
A: source.firstName + “.” + source.lastName + “@okta.com”.
An administrator logs on to the Okta Administrator App but is NOT able to see any reports. What is the likely reason?
A: The administrator is logged on as a Group Administrator.
What will the Okta browser plugin do after it is deployed with SWA applications?
A: Monitor password updates.
What should be configured to automate activation of new users during an import from AD to Okta in an existing Okta org?
A: Auto-activate new users.
Which statement is true about applications that are available in the Okta Integration Network (OIN)?
A: OIN applications are available to all Okta customers.
Which administrator role can create groups in Okta?
A: Organization Administrator.
Where can an administrator see the attributes that can be updated between Okta and configured apps?
A: Profile Editor.
What can a group in Okta be used for?
A: To assign specific entitlements within an application.
What will an outside-the-network user experience when signing on to an org that deployed DSSO functionality?
A: The user will be prompted for credentials.
According to best practice, which account should an administrator use to install DSSO?
A: The Okta Sourced Administrator account with Super Administrator privileges.
What should administrators do to support Active Directory Password Reset functionality for end users?
A: Promote the Active Directory service account to the correct permissions.
What is a best practice when installing the Okta Active Directory Agent?
A: Use an Okta-sourced Super Administrator account.
