How to prepare for Okta Certified Administrator Exam with DumpsBase Online Dumps?

1. When you are trying to federate (via WS-FED) Office 365 with Okta:

Solution: You can choose between SAML 2.0 or OIDC for the current integration

2. The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.

Solution: The statement is true

3. There might be specific AD attributes, which - apart from others - do not appear in the Okta user profile. Can those extra attributes be mapped and provisioned towards an app?

Solution: No, it is not possible as Okta queries the whole AD schema and retrieves everything that it's able to

4. Speaking of Okta Template App and Okta Pluin Template App, which of the following RegEx can you create for an allow list of URLS so that both endpoints for /login or /change_password are accepted under example.com domain?

Solution: https://example.com/(login|change_password)

5. When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in

Solution: Statement is true

6. With Okta Retention Policy, App generated data and reporting based on log data older than how many months is automatically removed (not considering the Backup Data)?

Solution: This data is never removed, as per GDPR

7. Okta AD Agents can be successfully and completely configured by:

Solution: Read-only administrators

8. When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in

Solution: Statement is false, as this would represent a security concern

9. On a Windows machine, which is the right behavior if you try to sign into your Okta org and agentless DSSO is properly configured for it?

Solution: You will be automatically redirected to your Load-Balancing Application, if you have one configured, enter credentials for it and then redirected back to Okta org

10. The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.

Solution: The statement is partically true - as it has nothing to do with RSA

11. Once brought into Okta, LDAP roles are represented as:

Solution: Email lists

12. In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.

Solution: The statement is valid, but Okta is not the one doing decryption - the browser is doing that

13. Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.

Solution: Only the second statement is true

14. The SCIM protocol is <response_is_entered_here> for provisioning and managing identity data on the web.

Solution: An application-level REST protocol

15. After you turn on Desktop SSO, a default DSSO related routing rule is created. You must configure the network information for this rule.

Solution: You have nothing to do and even the rule is by default set to "Active"

16. In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs .

What about its meaning here, in Okta's vision?

Solution: In 'Provisioning', CRUD stands for Create, Read, Upload, Deprovision

17. Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.

Solution: Both statements are true

18. When a user's Okta password is changed:

Solution: All apps that are Provisioning-enabled and have Update Attributes option active under Provisioning settings - will begin to sync the password in respective apps, as password is an attribute of their profile - but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password

19. When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in

Solution: Statement is true, but then they'll be displayed a 403 HTTP code (Forbidden)

20. When does Okta bring LDAP groups into Okta?

Solution: Only during an LDAP import

21. Whenever you make an API call, you will then get back:

Solution: A new object (a user, group or app object)

22. The SCIM protocol is <response_is_entered_here> for provisioning and managing identity data on the web.

Solution: An application-level TLS protocol

23. Can you map the Okta user ID as an Office 365 Immutable ID?

Solution: Not possible, as Office 365 requires an Immutable ID extracted from either On-Prem AD or Azure AD

24. When does Okta bring LDAP groups into Okta?

Solution: Only during LDAP JIT

25. Okta has a json representation of objects such as 'users', json schema interchanged on API calls, as an example, but what about the format of information regarding of a user going to a SCIM server for creating the user in an On Premises application?

Solution: Format is different: xml

26. What does SCIM stand for?

Solution: System for CRSF-domain Identity Management

27. Can you map the Okta user ID as an Office 365 Immutable ID?

Solution: Not possible and not intended to be possible as it cannot work like this

28. Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?

Solution: Yes, and AD Agent

29. When using Okta Expression Language, which of the following will have the output:

okta.com

Solution: String.substringAfter("[email protected]", "@")

30. Regarding policies, Okta recommends:

Solution: Include a final catch-all rule that denies access to anything that does not match any of the preceding rules

31. After you turn on Desktop SSO, a default DSSO related routing rule is created. You must configure the network information for this rule.

Solution: The statement is true

32. When you are trying to federate (via WS-FED) Office 365 with Okta:

Solution: You can try to federate multiple Office 365 custom domains into a single Okta Office 365 app instance via SWA SSO protocol

33. Once brought into Okta, LDAP roles are represented as:

Solution: Licences

34. Once brought into Okta, LDAP roles are represented as:

Solution: Groups

35. If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:

Solution: Intentionally map a blank value to that specific attribute in the user profile

36. In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active

Solution: It will always redirect to Okta and in this case only - will promt the user for re-authentication by manually entering Okta credentials

37. When does Okta bring LDAP groups into Okta?

Solution: During both LDAP import and JIT

38. In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:

Solution: An SP sends SAML assertions, while the IDP receives and validates them

39. Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using:

Solution: The OAuth 2.0 standard

40. As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.

Solution: Only the first statement is true

41. In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.

Solution: The statement is entirely valid

42. When a user's Okta password is changed:

Solution: All apps that are Provisioning-enabled and have Sync Password option active under Provisioning settings - will begin to sync the password in respective apps, but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password

43. In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active

Solution: It might be seamless for the user, but the redirect is happening

44. When does Okta bring LDAP roles into Okta?

Solution: During both LDAP import and JIT

45. Any ... <answer_goes_here>'s credentials verified under "Test API credentials" in an Office365 app integration can allow Okta API integration with Office 365 - permissions which once successfully granted will be used by Okta used for Provisioning related tasks

Solution: Office 365 Global Administrator