NO.20 Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: Only for Password policies you have such granularity

NO.21 Regarding policies, Okta recommends:
Solution: To include a policy rule that catches not wanted behaviors as a first priority and then label others for permitted behaviors

NO.22 When using Okta Expression Language, which of the following will have the output: This is a test Solution: String.replace(“That is a test”, “is”, “at”)

NO.23 Okta has a json representation of objects such as ‘users’, json schema interchanged on API calls, as an example, but what about the format of information regarding of a user going to a SCIM server for creating the user in an On Premises application?
Solution: Format is different: yml

NO.24 You just re-enabled IWA DSSO and notice it’s not behaving as it should. What is an aspect you should keep in mind?
Solution: That when re-enabling IWA DDSO a new set of Identity Provider (IDP) routing rules have to be created

NO.25 Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: Only for Sign On policies you have such granularity

NO.26 Any … <answer_goes_here>’s credentials verified under “Test API credentials” in an Office365 app integration can allow Okta API integration with Office 365 – permissions which once successfully granted will be used by Okta used for Provisioning related tasks Solution: Office 365 Global Administrator

NO.27 In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active Solution: It will always redirect to Okta and in this case only – will promt the user for re-authentication by manually entering Okta credentials

NO.28 When a user signs out of Okta, if they are using IWA, they’ll be redirected to the Sign In page and without inputting credentials they’ll be signed back in Solution: Statement is true, but then they’ll be displayed a 403 HTTP code (Forbidden)

NO.29 The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.
Solution: The statement is true

NO.30 Once brought into Okta, LDAP roles are represented as:
Solution: Groups

NO.31 Okta AD Agents can be successfully and completely configured by:
Solution: Read-only administrators

NO.32 On a Windows machine, which is the right behavior if you try to sign into your Okta org and agentless DSSO is properly configured for it?
Solution: You will be automatically redirected to your end user’s apps dashboard without entering any credentials

NO.33 With agentless DSSO (Desktop Single Sign-on), you still have a need of deploying IWA Agents in your Active Directory domains to implement DSSO functionality.
Solution: The statement is true, but not for the part about: the deployment of IWA Agents into Active Directory domains. The IWA Agents can now be deployed on whichever machine, it’s a unique functionality that only agentless DSSO has and not on-prem DSSO.

NO.34 Which port and which of the: ‘http’ or SSL enabled connections does Okta recommend?
Solution: Port 80 and SSL enabled connections

NO.35 On a Windows machine, which is the right behavior if you try to sign into your Okta org and agentless DSSO is properly configured for it?
Solution: You will be automatically redirected to your Load-Balancing Application, if you have one configured, enter credentials for it and then redirected back to Okta org

NO.36 Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To never enable SAML for all your end-users

NO.37 Which of the following is / are true?
Solution: If an MFA factor is set to ‘required’ and another MFA factor set to ‘optional’, then users can enroll into both factors and then can use either of them for successful logins

NO.38 In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An SP authorizes the users, while the IDP authenticates them