Okta Administrator Certification Flashcards
Which Okta administrator role can promote a regular user to Read-Only Administrator?
A: Super Administrator.
Which method can an administrator use to create a read-only API token?
A: Log on as Read-Only Administrator and create an API token.
Which component is a minimum prerequisite for deploying On Prem Desktop SSO in a company?
A: Properly Installed Okta Active Directory Agent.
Which sign-on method should be used to configure SSO for a web app that does NOT support federation?
A: SWA.
Which statement is true about mappings with Universal Directory?
A: It supports SpEL functions for transforming data attributes.
Which system log query can an administrator run to check on deleted API tokens?
A: eventType eq "system.api_token.revoke".
What is protected by API rate limits?
A: The Okta service from load spikes or service interrupts.
What is a best practice when configuring high availability for the Okta Active Directory (AD) Agent?
A: Set up two or more Active Directory Agents for each domain.
What does an administrator need from an SP to configure a SAML-enabled application that is NOT part of the OIN?
A: SAML Metadata.
At logon, users can authenticate with Delegated Authentication, but functions like reset password do NOT work. Why?
A: An administrator has not set up password reset capability.
Which feature should be configured to ensure users are prompted for MFA every time they access a specific application?
A: Application Sign-on policy.
Which Okta feature can be used to determine whether a user should have access to an application?
A: Application Access Audit Report.
Which expression correctly transforms a username to this format: firstname.lastname@okta.com?
A: source.firstName + "." + source.lastName + "@okta.com".
An administrator logs on to the Okta Administrator App but is NOT able to see any reports. What is the likely reason?
A: The administrator is logged on as a Group Administrator.
What will the Okta browser plugin do after it is deployed with SWA applications?
A: Monitor password updates.
What should be configured to automate activation of new users during an import from AD to Okta in an existing Okta org?
A: Auto-activate new users.
Which statement is true about applications that are available in the Okta Integration Network (OIN)?
A: OIN applications are available to all Okta customers.
Which administrator role can create groups in Okta?
A: Organization Administrator.
Where can an administrator see the attributes that can be updated between Okta and configured apps?
A: Profile Editor.
What can a group in Okta be used for?
A: To assign specific entitlements within an application.
What will an outside-the-network user experience when signing on to an org that deployed DSSO functionality?
A: The user will be prompted for credentials.
According to best practice, which account should an administrator use to install DSSO?
A: The Okta Sourced Administrator account with Super Administrator privileges.
What should administrators do to support Active Directory Password Reset functionality for end users?
A: Promote the Active Directory service account to the correct permissions.
What is a best practice when installing the Okta Active Directory Agent?
A: Use an Okta-sourced Super Administrator account.
A company application requires an LDAP managerid attribute. Which statement about LDAP profile mappings is true?
A: Any Okta-imported attributes can be mapped to the application profile.
What is an appropriate method for importing Active Directory-sourced users into Okta?
A: Manually run the import from the Okta administrator application.
What is the correct method of enabling Verbose Logging in the Okta Active Directory (AD) Agent?
A: Set Verbose Logging as “True” in Agent config file; restart Agent Service.
When a user is in the network, what would prevent Desktop Single Sign-On (SSO) from signing the user in automatically?
A: The user’s Active Directory (AD) account is locked.
What is required to configure delegated authentication with Active Directory domains?
A: Service account in Active Directory.
Which Okta Administrator role should be used to create an API key that CANNOT change configurations in Okta?
A: Read-Only Administrator.
Which password policy feature can prevent Okta-sourced users from changing their new user password for at least 5 days?
A: Minimum password age.
Which type of MFA rule can an Okta Administrator use for behavior detection at sign-on?
A: Device.
What does the Enhanced Group Push allow administrators to do?
A: Push to specific groups from Okta that exist in specific applications.
Which syntax will transform emails in this format “jsmith@oktaice.com” to usernames in this format “jsmith”?
A: String.substringBefore("jsmith@oktaice.com", "@")
Which statement about profile attributes is true?
A: Attributes can be modified with the People Editor.
Multiple profile sources are being used with Okta. ALS is NOT enabled. What determines the source of the attributes?
A: Attribute Source priority.
What should an Okta Administrator use to configure a custom ASP.net application that requires federation?
A: WS-Fed template.
Which component is required for Delegated Authentication?
A: The Okta AD Agent installed and configured in the Okta org.
Which SWA template app should be used to create a custom application with Username, Password and submit button fields?
A: Template Plugin App.
What is required during an Identity Provider (IdP) initiated sign-on to confirm a SAML assertion?
A: IdP signature certificate.