Вы находитесь на странице: 1из 8

Okta Consultant Certification Practice Exam

The Okta Consultant Practice Exam consists entirely of a new and innovative item type called ​Discrete
Option Multiple Choice​ (DOMC). This item type is used across all Okta certification exams and practice
exams. For a deeper understanding of DOMC, please visit​ ​http://trydomc.com​ where you will find a
detailed description of DOMC, sample DOMC items spanning many subject areas, as well as a DOMC
scoring engine that displays the inner workings of DOMC items as they are graded.

Why DOMC?
DOMC provides several layers of security to help ensure exam results are valid measures of examinees’
abilities. Through the use of DOMC and other complementing technologies, Okta exams allow
examinees to demonstrate what they know without having to worry that others could unfairly pass by
cheating. Your employer or manager can be assured that your results are an accurate evaluation of your
knowledge, experience, and skills.

How is a DOMC item scored?


The scoring of a DOMC item and the presentation of answer options vary from exam to exam and is
governed by scoring and presentation rules. On the Okta Professional, Administrator, and Consultant
exams, five rules are in use:
1. Selecting the Yes button for the correct option results in a correct score.
2. Selecting the Yes button for an incorrect option results in an incorrect score.
3. Selecting the No button for the correct option results in an incorrect score.
4. Selecting the No button for an incorrect option postpones scoring, and another answer option(s)
is presented. You may, however, get the entire question correct with enough NO responses to
incorrect options.
5. At random intervals, an additional unscored answer option may be presented at the conclusion
of an item regardless of whether you have made a correct or an incorrect decision.

Note​: Examinees are not provided with real-time feedback on whether they have responded correctly or
incorrectly to an item. Instead, at the end of an exam, a performance report is provided. The
performance report contains percentage ratings that indicate how many items an examinee answered
correctly out of the total number of items within that section of the exam. A preliminary pass/fail
decision is also provided. Okta does not provide numeric grades.
Flow Chart
Use this flow chart to help you better understand the DOMC item scoring process.
Case Study
Answer Key
Below is the answer key for the items on this practice exam. Options highlighted in yellow indicate
correct responses. You may use this answer key to retake this practice exam so that you may get a
better understanding of how scoring works for DOMC items.

Question 1:
Ice cream truck drivers require the ability to authenticate to the VPN with their Okta account
credentials. To fulfill this requirement, the Okta Ice IT team plans to integrate the ice cream truck
drivers' VPN devices with Okta. These VPN devices have support for standard protocols.

Is this what the consultant should recommend to the Okta Ice IT team to enable them to integrate the
VPN devices with Okta?
A. Deploy the OPP Agent to allow the VPN device to validate credentials with Okta.
B. Deploy the Okta Active Directory (AD) Agent to allow the VPN device to validate credentials with
Okta.
C. Deploy the Okta RADIUS Agent to allow the VPN device to validate credentials with Okta.
D. Use the Okta API to validate user credentials with the Okta API.
E. Deploy the On-Premise Multifactor Authentication (MFA) Agent to allow the VPN to validate
credentials with Okta.

Question 2:
The Okta Ice IT team plans to use the Okta OPP Agent to provision users from external vendors into an
on-premise internal application. These users will be mastered in the Okta Ice LDAP domain for vendors,
which will be integrated with the Okta org.

Is this architectural element required for the deployment?


A. An application that is SCIM-enabled and on-premise, or a SCIM server connected to the
on-premise application
B. At least one Okta OPP Agent installed on an RPM-based Linux server or a Windows server that is
behind the Okta Ice firewall
C. The Okta Active Directory (AD) Agent
D. The Okta Desktop Single Sign-On (DSSO) Web Application
E. At least one Okta OPP Agent installed on an RPM-based Linux server or a Windows server in the
Okta Ice DMZ
F. A SimpleSAMLPHP application configured in the Okta org to connect to the Okta OPP Agent
Question 3:
The Okta Ice IT team is implementing User Lifecycle Management with Office 365 to provision licenses
to users. The IT team has used Microsoft AADConnect to sync users from Active Directory to Office 365.
After configuration, testing indicates that licenses are ​NOT​ being properly provisioned to users.

Is this an action the consultant should perform to troubleshoot the issue?


A. Import users from Office 365 to reconcile the Immutable ID.
B. Ensure the users are assigned an Office 365 license in Okta.
C. Utilize Group Push to push user groups from Okta into Office 365.
D. Enable User Sync Provisioning.
E. Enable Universal Sync Provisioning.

Question 4:
The Okta Ice IT team is implementing Salesforce for the sales team.

One requirement is that users must only be able to log in to Salesforce by using Single Sign-On (SSO) and
must ​NOT​ be able to log in directly to Salesforce by using an external URL. Additionally, users must be
able to access Salesforce on mobile devices.

Early adopters are reporting the following issues:


● Users can still log in directly to the Salesforce website.
● The login process with the Native mobile application is unclear.

To address these issues, Okta Ice executives informed the implementation team that the end-user
experience needs to be seamless on all devices.

Is this how the consultant should proceed?


A. Implement a custom domain solution.
B. Create a template application to require SSO.
C. Implement Okta provisioning with Sync password.
D. Deactivate the current Salesforce application and create a new one.
Question 5:
Okta Ice executive leadership is considering acquiring LemonCorp, a chain of lemonade stands.

LemonCorp has 90,000 employees in an Active Directory (AD) environment. Okta Ice executive
leadership needs to know how many additional Okta AD agents need to be deployed within the
LemonCorp Network to give LemonCorp employees access to Okta Ice's applications.

According to Okta standard practice, is this how many additional agents are needed?
A. 1 – 2
B. 2 – 3
C. 4 – 6
D. 1 – 3

Question 6:
The Okta Ice IT team has enabled Desktop Single Sign-On (DSSO) for employees. The expected flow is
that users authenticate by using VPN and are routed directly to their Okta home page.

However, users are being prompted to enter their credentials and are then routed to the Okta standard
login page. This is ​NOT​ the expected behavior from DSSO.

The consultant needs to resolve the issue.

Is this a correct step?


A. Ensure the Gateway IP for the VPN is enumerated in the Network List or IP Zone as On Network.
B. Force VPN users' browser URLs to the standard login page.
C. Set a sign-on rule for all Okta users.
D. Create a new On Network Policy that requires the users to authenticate via the standard login
page.

Question 7:
An Okta Ice external vendor, The Dairy Farm, already uses a third-party identity provider to enable users
to authenticate to applications. The Dairy Farm IT team wants to federate with Okta Ice's Okta org in
order to provide a seamless experience for The Dairy Farm employees when they access Okta Ice
applications, such as Box.

Does this step need to be performed on Okta Ice's Okta org to allow inbound federation?
A. Provide metadata from Okta Ice's Okta org to the vendor's IT team.
B. Import the vendor's IDP metadata to Okta Ice's Okta org.
C. Provide the gateway IP addresses for Okta Ice's agents.
D. Provide the profile mappings for users to the vendor's IT team.
Question 8:
The Okta Ice IT team has a security requirement to protect internal intellectual property, such as ice
cream recipes. They need to provide certain external vendors access to an application that contains this
sensitive information. These external vendors will continue to maintain their own Identity Providers.

The Okta Ice IT team wants to use the most strict security posture possible.

Is this an architecture the consultant should recommend to the Okta Ice IT team, to allow these external
vendors secure access?
A. Inbound federation with Multifactor Authentication (MFA)
B. Outbound federation with Multifactor Authentication (MFA)
C. Inbound federation with an Okta Active Directory (AD) Agent
D. Outbound federation with an Okta Active Directory (AD) Agent
E. Inbound federation with the OPP Agent
F. Outbound federation with the OPP Agent

Question 9:
A consultant is designing the login process for Okta Ice's customer website. The Okta Ice IT team has
specified that the website must be on the company's own web domain (oktaice.com), and users should
NOT​ be redirected to the Okta org.

The Okta Ice IT team wants to minimize the amount of custom development that is required, but still
wants to be able to customize the layout and style of the login page, including a specific logo and font.

Is this an option that the consultant should recommend to the Okta Ice IT team?
A. Use the Authentication API on the server-side.
B. Use the Okta Sign-in Widget.
C. Use the standard Okta login page.
D. Use the Java SDK to implement the login flow for the application.
E. Use the .NET SDK to implement the login flow for the application.
Question 10:
A consultant is developing the account registration process for Okta Ice's new customer website. This
will use the Okta API to create an account in Okta for each customer when they register.

Is this the Okta API that should be used to create a new account?
A. Users API
B. Groups API
C. Schemas API
D. Templates API
E. Events API
F. Authentication API
G. Registration API
H. Update API

Question 11:
The Okta Ice Human Resources (HR) team is considering investing in a cloud-based HR system.

Is this a benefit of using HR provisioning in Okta?


A. It expedites the onboarding and offboarding of new employees when they join or leave the
organization.
B. It allows users to access Okta Ice resources more easily when outside the office and on mobile
devices.
C. It improves the experience for customers who want to interact with Okta Ice via social media.
D. It enables the use of multifactor authentication for users who have access to privileged company
information.

Question 12:
A customer has implemented a custom in-house application in the .Net programming language. The
application needs UPN claims in order to authenticate the user.

The customer contacts Okta Professional Services to engage a consultant to implement WS-FED. The
application has been configured, but it is ​NOT​ redirecting to Okta for authentication.

Is this what the consultant should do to resolve this issue?


A. Update the passive federation URL from Okta to the web.config issuer tag.
B. Update the Okta issuer to the web.config issuer tag.
C. Update the realm trust to realm endpoint in the web.config.
D. Update the Identity Provider Federation metadata in the web.config.
E. Update the passive federation URL from Okta to the web.config audience URI.