Strengthen Security Using the Okta Policy Framework

Question 1

Default API rate limits may vary depending on the specific endpoint URI being
accessed?

Answer 1

True

Question 2

How does Okta threat insight work?

Answer 2

It helps protect customers from credential based attacks AND It monitors all
authenticators across Okta’s network

Question 3

What is the purpose of setting up Network Zones in Okta

Answer 3

To control access to specific resources based on IP address AND To create
geographic restrictions for user access

Question 4

An IP Zonne is used to define a range of gateway or proxy IP’s while a Dynanmic
Zone defines a zone rby country/region, ASN or IP type?

Answer 4

True

Question 5

Which of the following is an example of authenticator method with device bound and
hardware protected characteristics

Answer 5

Okta Verify Push

Question 6

Okta requires assurance levels are satisfied before it allows the end user to access
the app. The assurance levels can be specified in

Answer 6

Authentication Policies and Global Session Policies

Question 7

What determines the order in which policies or rules are evaluated for a context
match in Okta?

Answer 7

The priority assigned to each policy or rule

Question 8

What is assurance in the context of Okta’s Security Policy framework?

Answer 8

The level of assurance given for the security of framework

Question 9

Preset authentication policies are only available for certain types of applications?

Answer 9

False (available to all)

Question 10

Which of the following statement is correct about authentication policies?

Answer 10

They are only evaluated if a valid Okta session already exists

Question 11

Global session policies are evaluated after authentication policies?

Answer 11

False

Question 12

What does the Global session policy control in Okta?

Answer 12

The duration of an overall session

Question 13

All the self-service recovery authenticators can be used for authentication?

Answer 13

True

Question 14

What settings can administrators configure in the password policy in the Okta
Identity Engine (OIE)?

Answer 14

Password complexity and length requirements, Self-service recovery options

Question 15

Is this a true Statement about Global Session policy persistent cookies?

Answer 15

If a user quits their browser and repoens the browser, the browser session is
persisted unless the user has signed out

Question 16

Is this a condition and administrator can edit in the default Global session policy?

Answer 16

Primary factor

Question 17

Is this a true statement about adding rules to a new policy

Answer 17

The policy must have at least one rule

Question 18

Is this a true statement regarding Okta sign-on policy rules

Answer 18

A rule with a priority value of 1 takes precedence over all the rules

Question 19

Is this the policy to implement is an administrator need to ensure that all users in the
contractor group are prompted for MFA when they log on to Okta

Answer 19

Okta sign-on Policy

Question 20

A company increase security policies org security policies for both employees and
admin, company also whats amins to use okta verify as a second factor, is this the
correct way to administer?

Answer 20

Policy for admins then policy for employees