Okta Administrator Certification

Question 1

Which Okta administrator role can promote a regular user to Read-Only Administrator?

Answer 1

A: Super Administrator.

Question 2

Which method can an administrator use to create a read-only API token?

Answer 2

A: Log on as Read-Only Administrator and create an API token.

Question 3

Which component is a minimum prerequisite for deploying On Prem Desktop SSO in a company?

Answer 3

A: Properly Installed Okta Active Directory Agent.

Question 4

Which sign-on method should be used to configure SSO for a web app that does NOT support federation?

Answer 4

A: SWA.

Question 5

Which statement is true about mappings with Universal Directory?

Answer 5

A: It supports SpEL functions for transforming data attributes.

Question 6

Which system log query can an administrator run to check on deleted API tokens?

Answer 6

A: eventType eq “system.api_token.revoke”.

Question 7

What is protected by API rate limits?

Answer 7

A: The Okta service from load spikes or service interrupts.

Question 8

What is a best practice when configuring high availability for the Okta Active Directory (AD) Agent?

Answer 8

A: Set up two or more Active DIrectory Agents for each domain.

Question 9

What does an administrator need from an SP to configure a SAML-enabled application that is NOT part of the OIN?

Answer 9

A: SAML Metadata.

Question 10

At logon, users can authenticate with Delegated Authentication, but functions like reset password do NOT work. Why?

Answer 10

A: An administrator has not set up password reset capability.

Question 11

Which feature should be configured to ensure users are prompted for MFA every time they access a specific application?

Answer 11

A: Application Sign-on policy.

Question 12

Which Okta feature can be used to determine whether a user should have access to an application?

Answer 12

A: Application Access Audit Report.

Question 13

Which expression correctly transforms a username to this format: firstname.lastname@okta.com?

Answer 13

A: source.firstName + “.” + source.lastName + “@okta.com”.

Question 14

An administrator logs on to the Okta Administrator App but is NOT able to see any reports. What is the likely reason?

Answer 14

A: The administrator is logged on as a Group Administrator.

Question 15

What will the Okta browser plugin do after it is deployed with SWA applications?

Answer 15

A: Monitor password updates.

Question 16

What should be configured to automate activation of new users during an import from AD to Okta in an existing Okta org?

Answer 16

A: Auto-activate new users.

Question 17

Which statement is true about applications that are available in the Okta Integration Network (OIN)?

Answer 17

A: OIN applications are available to all Okta customers.

Question 18

Which administrator role can create groups in Okta?

Answer 18

A: Organization Administrator.

Question 19

Where can an administrator see the attributes that can be updated between Okta and configured apps?

Answer 19

A: Profile Editor.

Question 20

What can a group in Okta be used for?

Answer 20

A: To assign specific entitlements within an application.

Question 21

What will an outside-the-network user experience when signing on to an org that deployed DSSO functionality?

Answer 21

A: The user will be prompted for credentials.

Question 22

According to best practice, which account should an administrator use to install DSSO?

Answer 22

A: The Okta Sourced Administrator account with Super Administrator privileges.

Question 23

What should administrators do to support Active Directory Password Reset functionality for end users?

Answer 23

A: Promote the Active Directory service account to the correct permissions.

Question 24

What is a best practice when installing the Okta Active Directory Agent?

Answer 24

A: Use an Okta-sourced Super Administrator account.

Question 25

A company application requires an LDAP managerid attribute. Which statement about LDAP profile mappings is true?

Answer 25

A: Any Okta-imported attributes can be mapped to the application profile.

Question 26

What is an appropiate method for importing Active Directory-sourced users into Okta?

Answer 26

A: Manually run the import from the Okta administrator application.

Question 27

What is the correct method of enabling Verbose Logging in the Okta Active Directory (AD) Agent?

Answer 27

A: Set Verbose Logging as “True” in Agent config file; restart Agent Service.

Question 28

When a user is in the network, what would prevent Desktop Single Sign-On (SSO) from signing the user in automatically?

Answer 28

A: The user’s Active Directory (AD) account is locked.

Question 29

What is required to configure delegated authentication with Active Directory domains?

Answer 29

A: Service account in Active Directory.

Question 30

Which Okta Administrator role should be used to create an API key that CANNOT change configurations in Okta?

Answer 30

A: Read-Only Administrator.

Question 31

Which password policy feature can prevent Okta-sourced users from changing their new user password for at least 5 days?

Answer 31

A: Minimum password age.

Question 32

Which type of MFA rule can an Okta Administrator use for behavior detection at sign-on?

Answer 32

A: Device.

Question 33

What does the Enchanced Group Push allow administrators to do?

Answer 33

A: Push to specific groups from Okta that exist in specific applications.

Question 34

Which syntax will transform emails in this format “jsmith@oktaice.com” to usernames in this format “jsmith”?

Answer 34

A: String.substringBefore(“jsmith@oktaice.com”, “@”)

Question 35

Which statement about profile attributes is true?

Answer 35

A: Attributes can be modified with the People Editor.

Question 36

Multiple profile sources are being used with Okta. ALS is NOT enabled. What determines the source of the attributes?

Answer 36

A: Attribute Source priority.

Question 37

What should an Okta Administrator use to configure a custom ASP.net application that requires federation?

Answer 37

A: WS-Fed template.

Question 38

Which component is required for Delegated Authentication?

Answer 38

A: The Okta AD Agent installed and configured in the Okta org.

Question 39

Which SWA template app should be used to create a custom application with Username, Password and submit button fields?

Answer 39

A: Template Plugin App.

Question 40

What is required during an Identity Provider (IdP) initiated sign-on to confirm a SAML assertion?

Answer 40

A: IdP signature certificate.