OKTA-CERTIFIED-ADMINISTRATOR Online Practice Questions and Answers

If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:

Solution: Intentionally map a blank value to that specific attribute in the user profile

A. Yes

B. No

When using Okta Expression Language, which of the following will have the output: okta.com

Solution: String.substring("[email protected]", "@")

A. Yes

B. No

Can you map the Okta user ID as an Office 365 Immutable ID?

Solution: Done via mappings, by pushing from Okta to Office 365: user.getInternalProperty("id")

A. Yes

B. No

Which is a / are best-practice(s) in a SAML 2.0 situation? Solution: To never enable SAML for all your end-users

A. Yes

B. No

Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using: Solution: The SCIM standard

A. Yes

B. No

In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.

Solution: The statement is valid, but Okta is not the one doing authentication - IWA Agent and AD Agent are doing that as AD agent verifies the AD user's identity

A. Yes

B. No

Which of the following is / are true?

Solution: If an MFA factor is set to 'required' and another MFA factor set to 'optional', then users can enroll into both factors and then can use either of them for successful logins

A. Yes

B. No

Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests? Solution: Yes, an Okta Application Integration Agent

A. Yes

B. No

With agentless DSSO (Desktop Single Sign-on), you still have a need of deploying IWA Agents in your Active Directory domains to implement DSSO functionality.

Solution: The statement is true, as agentless DSSO means no AD agents, not no IWA agents

A. Yes

B. No

Whenever you make an API call, you will then get back: Solution: Response headers

A. Yes

B. No