OKTA-CERTIFIED-ADMINISTRATOR Online Practice Questions and Answers

The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.

Solution: The statement is partically true - as it has nothing to do with RSA

A. Yes

B. No

In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.

Solution: The statement is valid, but Okta is not the one doing decryption - the browser is doing that

A. Yes

B. No

Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.

Solution: Only the second statement is true

A. Yes

B. No

When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in

Solution: Statement is true, but then they'll be displayed a 403 HTTP code (Forbidden)

A. Yes

B. No

As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.

Solution: Only the first statement is true

A. Yes

B. No

With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?

Solution: You federate with Okta both the 'Office 365 tenant name' and the 'Office 365 domain'

A. Yes

B. No

Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using: Solution: The OIDC standard

A. Yes

B. No

When using Okta Expression Language, which variable type results out of this Okta Expression? isMemberOfGroup("groupId")

Solution: Boolean

A. Yes

B. No

You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?

Solution: That when re-enabling IWA DDSO the Identity Provider (IDP) routing rules must be manually reactivated

A. Yes

B. No

What does it mean: "Mapping Direction AD to Okta"?

Solution: Indicates a schema of attribute values flowing AD towards Okta

A. Yes

B. No