Okta Okta-Certified-Consultant 問題集

質問 1：
''invalid_client'' error is thrown when:
A. The request structure was invalid
B. The specified ,client_id, wasn,t found
C. The scopes list contains an invalid or unsupported value
正解：B

質問 2：
After you''ve created your external service, you have to register its endpoint in Okta.
A. Statement is False, as only users are registered, not services
B. Statement is False, as you are using Header-Based authentication and the token you provide in API calls acts as an API token, token which is in fact received from the external service itself, hence there is no need to register the service,s endpoint in Okta as on each and every call the authorization header is passed on and it will know exactly which Okta domain is calling the service, so there is no need for a trust to be established in the Okta side as well
C. Statement is True
正解：C

質問 3：
How do you ensure high-availability for the On-Prem MFA Agent?
A. By installing another one on another Windows Server host
B. You can ensure high-availability by ensuring this On-Prem MFA Agent works on multiple AD forests / domains
C. You can only have one such Agent, so high-availability doesn,t apply in this scenario, but only for AD Agents, IWA Agents, so on
D. By configuring another Service Account on the same On-Prem MFA Agent so that if you lose one, to have another available
正解：A

質問 4：
In a SAML 2.0 scenario, the Service Provider never directly interacts with the Identity Provider. Instead, a browser acts as the agent to carry out all the redirections.
A. True, hence why different TLS versions can still be understood between parts and browser will forward the information then to the other side with the right TLS version needed
B. False, as SAML 2.0 implies the trust to be exchanged directly between IDP (Identity provider) and SP (Service Provider)
C. False, as APIs go directly into each other,s domains, thus endpoints
D. True for OIDC, not for SAML 2.0
正解：A

質問 5：
In regards to Inline Hooks, you can have with Okta:
A. SAML Assertion Inline Hooks
B. Token Inline Hook
C. User Export Inline Hook
D. Registration Inline Hook
E. Password Import Inline Hooks
正解：A,B,D,E

質問 6：
What is an API token?
A. Is a secret and should be treated like a password
B. Is an Application Programming Interface
C. Is an Application Point of Interest and should be visible to the company admin
D. Is an Advanced Protocol for Interaction between users actions and the cloud-based
正解：A,B

質問 7：
In an Inline Hook scenario, your ''custom code / app'' is referred to in Okta KB articles as being:
A. Your external service
B. Your webapp
C. Your external endpoints
正解：A

質問 8：
How can you let users from external Identity Providers SSO (Single Sign On) into Okta?
A. By only enabling JIT (Just-in-Time) Provisioning at an org-level
B. Okta is an IdP, hence it cannot be an SP to allow such a flow
C. By creating an Inbound SAML connection with that IdP
正解：C

質問 9：
Can Okta rate-limit requests and if so, can it do it under different limits depending on the endpoint requested?
A. Okta can restrict requests to an endpoint to a specific unique number that applies on the whole Okta cloud no matter the type of endpoint (resource requested)
B. Okta can restrict requests to an endpoint with different limits based on the API endpoint reached
C. Okta can restrict requests and is doing so throwing ,429 (Too Many Requests), HTTP status code when happening
D. Okta cannot restrict requests to an endpoint as it may cause 404s / 500s on the end-user,s page showing either "Resource Not Found" or "Internal Server Error" - depending on the endpoint reached
正解：B,C