Okta Okta-Certified-Consultant 問題集

質問 1：
Is SAML 2.0 Assertion flow one of the OAuth 2.0 flows?
A. No, SAML 2.0 Assertion flow is an entirely different protocol
B. The only Oauth flows that exist are: "Client Authorization flow", "Authorization Code flow", "Authorization Code flow with PKCE", "Server Authorization flow"
C. Yes, it is
正解：C

質問 2：
Which Okta feature / solutions offers the admin the possibility to redirect desktop users to Integrated Windows Authentication (IWA) and mobile users to Okta for authentication?
A. Agentless DSSO
B. Device Trust
C. Desktop Single-Sign On
D. On-Prem MFA Agent
E. Routing Rules
F. Org to Org
正解：E

質問 3：
Can you specify in Okta an amount of time after which a ''Locked'' account becomes ''Unlocked''?
A. No, unless it,s for Office 365 sourced users
B. Yes, only for AD sourced users
C. No
D. Yes
正解：D

質問 4：
Which is / are true about Okta ThreatInsight:
A. Requests blocked by this feature allows Okta to prevent user accounts lockouts from suspicious IP addresses
B. This feature is needed in order to not have a limit on the Network Zones you are allowed to have by default (LegacyIPZone and Block List zone)
C. Is a detection process that takes place prior to authentication evaluation
正解：A,C

質問 5：
Is it alright, as a best-practice with Okta, to install AD Agent in close proximity to the location of your users?
A. No, Okta randomly selects an AD Agent, location is not a factor in this equation
B. Yes, this way there will surely be less hops on a traceroute for the requests
C. Yes, Okta is pinging all the AD Agents to find their location and then it will use the one closest to the user initiating log in requests
正解：A

質問 6：
Can I add more than one domain?
A. No, you can only have one custom domain set up for your organization
B. You are limited to three custom domains per org
C. Yes, you can have multiple custom domains set up for your organization
正解：B

質問 7：
In a SAML Trace, you can see that on an [Okta (IDP) App SAML request towards an App (SP side)] where you''ve already configured some regex-matching custom SAML attributes (not set in Mappings, but directly in the SAML App''s config) to be passed over, these (which are named in the App''s config as ''User attributes'' or ''Group attributes'') are send:
A. As an API header
B. Encrypted
C. Unencrypted
D. Back to Okta
正解：C

質問 8：
Which of the following is / are true?
A. Pushing groups by rule is a Push Group limitation
B. None of the above is a Push Group limitation.
C. Using the same Okta group for assignments and Group Push - is a Push Group limitation
D. Pushing groups by name is a Push Group limitation
正解：C

質問 9：
Which of the following is / are true?
A. ,Group Push, option exists on every app having Provisioning standard supported
B. ,Group Push, option exists on every app having SAML 2.0 enabled
C. ,Group Push, option exists on few apps, not all having Provisioning supported to begin with
正解：C