EMT Practice Test

1. Question Content...


Question List

Question1: What does it mean: "Mapping Direction AD to Okta"?
Solution: Indicates a schema of attribute values flowing AD towards Okta

Question2: In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?
Solution: In 'Provisioning', CRUD stands for Create, Read, Upload, Deprovision

Question3: When does Okta bring LDAP groups into Okta?
Solution: Only during LDAP JIT

Question4: If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:
Solution: Simply delete the attribute from the Okta Admin Panel GUI

Question5: Regarding policies, Okta recommends:
Solution: Include a final catch-all rule that denies access to anything that does not match any of the preceding rules

Question6: Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using:
Solution: The OIDC standard

Question7: When using Okta Expression Language, which variable type results out of this Okta Expression? isMemberOfGroup("groupId") Solution: Array

Question8: When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have Sync Password option active under Provisioning settings - will begin to sync the password in respective apps

Question9: When using Okta Expression Language, which of the following will have the output: This is a test Solution: String.append("This is", " a test")

Question10: Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using:
Solution: The SCIM standard

Question11: On a Windows machine, which is the right behavior if you try to sign into your Okta org and agentless DSSO is properly configured for it?
Solution: You will be automatically redirected to your end user's apps dashboard without entering any credentials

Question12: In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active Solution: It will always redirect to Okta and in this case only - will promt the user for re-authentication by manually entering Okta credentials

Question13: When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have Update Attributes option active under Provisioning settings - will begin to sync the password in respective apps, as password is an attribute of their profile - but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password

Question14: Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?
Solution: Yes, and AD Agent

Question15: What does SCIM stand for?
Solution: System for Cross-domain Identity Management

Question16: After you turn on Desktop SSO, a default DSSO related routing rule is created. You must configure the network information for this rule.
Solution: The statement is true

Question17: Okta has a json representation of objects such as 'users', json schema interchanged on API calls, as an example, but what about the format of information regarding of a user going to a SCIM server for creating the user in an On Premises application?
Solution: Format is different: yml

Question18: On a Windows machine, which is the right behavior if you try to sign into your Okta org and agentless DSSO is properly configured for it?
Solution: You will be automatically redirected to The Okta Sign In page for your organization, where you need to fill in with your AD credentials

Question19: When using Okta Expression Language, which of the following will have the output: okta.com Solution: String.substringBefore("[email protected]", "@okta.com")

Question20: Which of the following is / are true?
Solution: If an MFA factor is set to 'required' and another MFA factor set to 'disabled', then users can choose between the two factors when enrolling, but then can use only the first one for successful logins

Question21: Once brought into Okta, LDAP roles are represented as:
Solution: Licences

Question22: When does Okta bring LDAP groups into Okta?
Solution: Only during an LDAP import

Question23: Any ... <answer_goes_here>'s credentials verified under "Test API credentials" in an Office365 app integration can allow Okta API integration with Office 365 - permissions which once successfully granted will be used by Okta used for Provisioning related tasks Solution: Office 365 Global Administrator

Question24: In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?
Solution: In 'Provisioning', CRUD stands for Create, Read, Update, Delete

Question25: In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An SP sends SAML assertions, while the IDP receives and validates them

Question26: When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have Sync Password option active under Provisioning settings - will begin to sync the password in respective apps, but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password

Question27: With Okta Retention Policy, App generated data and reporting based on log data older than how many months is automatically removed (not considering the Backup Data)?
Solution: This data is never removed, as per GDPR

Question28: Okta AD Agents can be successfully and completely configured by:
Solution: Organization administrators

Question29: When you call a GET API call for users / groups / and other such objects, the response is usually Paginated, in case these are a lot of objects returned. What do you do in order to retrieve all objects?
Solution: You call the very same API with the help of a different token, hence will return the next page of objects

Question30: The SCIM protocol is <response_is_entered_here> for provisioning and managing identity data on the web.
Solution: An application-level TLS protocol

Question31: The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.
Solution: The statement is partically true - as it has nothing to do with RSA

Question32: When you are trying to federate (via WS-FED) Office 365 with Okta:
Solution: You can choose to skip importing user groups and group memberships into Okta

Question33: With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?
Solution: You federate with Okta only the 'Office 365 tenant name'

Question34: Which port and which of the: 'http' or SSL enabled connections does Okta recommend?
Solution: Port 80 and SSL enabled connections

Question35: You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?
Solution: That when re-enabling IWA DDSO the Identity Provider (IDP) routing rules must be manually reactivated

Question36: Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using:
Solution: The OAuth 2.0 standard

Question37: You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?
Solution: That when re-enabling IWA DDSO a new set of Identity Provider (IDP) routing rules have to be created

Question38: Which port and which of the: 'http' or SSL enabled connections does Okta recommend?
Solution: Port 443 and http connections

Question39: Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?
Solution: Yes, an Okta Application Integration Agent

Question40: Whenever you make an API call, you will then get back:
Solution: Okta events under '/events' endpoint

Question41: Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Done via mappings, by pushing from Okta to Office 365: user.getInternalProperty("id")

Question42: Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Not possible, as Office 365 requires an Immutable ID extracted from either On-Prem AD or Azure AD

Question43: How can SAML provision attributes via JIT? Or even create users?
Solution: By including specific information in the yaml structure sent over via a POST call

Question44: With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?
Solution: You federate with Okta both the 'Office 365 tenant name' and the 'Office 365 domain'

Question45: Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: Only for Password policies you have such granularity

Question46: Once brought into Okta, LDAP roles are represented as:
Solution: Email lists