EMT Practice Test

1. Question Content...


Question List

Question1: Any ... <answer_goes_here>'s credentials verified under "Test API credentials" in an Office365 app integration can allow Okta API integration with Office 365 - permissions which once successfully granted will be used by Okta used for Provisioning related tasks Solution: Office 365 user

Question2: When does Okta bring LDAP roles into Okta?
Solution: Only during an LDAP import

Question3: With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?
Solution: You federate with Okta only the 'Office 365 domain'

Question4: When you call a GET API call for users / groups / and other such objects, the response is usually Paginated, in case these are a lot of objects returned. What do you do in order to retrieve all objects?
Solution: You call the very same API with the help of a different token, hence will return the next page of objects

Question5: If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:
Solution: Delete the mapping by the help of which the value came into Okta User Profile

Question6: Any ... <answer_goes_here>'s credentials verified under "Test API credentials" in an Office365 app integration can allow Okta API integration with Office 365 - permissions which once successfully granted will be used by Okta used for Provisioning related tasks Solution: Office 365 Global Administrator

Question7: In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?
Solution: In 'Provisioning', CRUD stands for Create, Read, Upload, Deprovision

Question8: When using Okta Expression Language, which of the following will have the output: okta.com Solution: String.substringBefore("[email protected]", "@okta.com")

Question9: Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.
Solution: Only the second statement is true

Question10: After you turn on Desktop SSO, a default DSSO related routing rule is created. You must configure the network information for this rule.
Solution: The statement is partially true, as the networking information is already added within this rule

Question11: Regarding policies, Okta recommends:
Solution: To have one policy rule per application, as more will most probably alter the behavior too much and you may miss important behaviors

Question12: In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?
Solution: In 'Provisioning', CRUD stands for Create, Read, Update, Delete

Question13: As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.
Solution: Only the first statement is true

Question14: Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using:
Solution: The SCIM standard

Question15: Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using:
Solution: The OAuth 2.0 standard

Question16: When you are trying to federate (via WS-FED) Office 365 with Okta:
Solution: You can choose to skip importing user groups and group memberships into Okta

Question17: After you turn on Desktop SSO, a default DSSO related routing rule is created. You must configure the network information for this rule.
Solution: The statement is true

Question18: When using Okta Expression Language, which variable type results out of this Okta Expression? isMemberOfGroup("groupId") Solution: Graph

Question19: Once brought into Okta, LDAP roles are represented as:
Solution: Licences

Question20: When does Okta bring LDAP roles into Okta?
Solution: Only during LDAP JIT

Question21: You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?
Solution: That when re-enabling IWA DDSO the Identity Provider (IDP) routing rules must be manually reactivated

Question22: Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?
Solution: Yes, an Okta Provisioning Agent

Question23: The SCIM protocol is <response_is_entered_here> for provisioning and managing identity data on the web.
Solution: An application-level TLS protocol

Question24: As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.
Solution: Both statements are true

Question25: With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?
Solution: You federate with Okta only the 'Office 365 tenant name'

Question26: Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: You can do this with both policy types mentioned

Question27: In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?
Solution: In 'Provisioning', CRUD stands for Create, Read, Update, Deprovision

Question28: When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have Sync Password option active under Provisioning settings - will begin to sync the password in respective apps, but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password

Question29: Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Not possible, as Office 365 requires an Immutable ID extracted from either On-Prem AD or Azure AD

Question30: Whenever you make an API call, you will then get back:
Solution: A new object (a user, group or app object)

Question31: Okta AD Agents can be successfully and completely configured by:
Solution: Read-only administrators

Question32: What does SCIM stand for?
Solution: System of Cross-scripting-domain Identity Management

Question33: Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Done via mappings, by pushing from Okta to Office 365: user.getInternalProperty("id")

Question34: The SCIM protocol is <response_is_entered_here> for provisioning and managing identity data on the web.
Solution: An application-level REST protocol

Question35: What does it mean: "Mapping Direction AD to Okta"?
Solution: Indicates a schema of attribute values flowing AD towards Okta's Apps directly, Okta just facilitating this end-to-end direct flow

Question36: Once brought into Okta, LDAP roles are represented as:
Solution: Groups

Question37: Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.
Solution: Both statements are false

Question38: Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.
Solution: Both statements are true

Question39: How can SAML provision attributes via JIT? Or even create users?
Solution: By including specific information in the assertion

Question40: In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An SP authorizes the users, while the IDP authenticates them

Question41: In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.
Solution: The statement is valid, but Okta is not the one doing authentication - IWA Agent and AD Agent are doing that as AD agent verifies the AD user's identity

Question42: The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.
Solution: The statement is false

Question43: When using Okta Expression Language, which of the following will have the output: okta.com Solution: String.substring("[email protected]", "@")

Question44: In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.
Solution: The statement is valid, but Okta is not the one doing decryption - the browser is doing that

Question45: In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An IDP authorizes the users, while the SP authenticates them