Latest Okta-Certified-Consultant Practice Tests with Actual Questions

Okta-Certified-Consultant Dumps Okta-Certified-Consultant Braindumps

Okta-Certified-Consultant Real Questions Okta-Certified-Consultant Practice Test Okta-Certified-Consultant Actual Questions

Okta

Okta-Certified-Consultant

Level 3: Okta Certified Consultant

https://killexams.com/pass4sure/exam-detail/Okta-Certified-Consultant

Question: 20

You don't have the same possibility you have for an On-Prem MFA Agent or AD Agent, to increase the logging level, in the case of an Okta Radius server.

1. Statement is True

2. Statement is False

3. Statement is False and you even have 4 modes that you can simply enable via GUI: INFO, DEBUG, WARN, ERROR

Answer: B
Question: 21

Okta can be used to authenticate a user into a:

1. Single Page App

2. Web App

3. Mobil App

Answer: A,B,C
Question: 22

Open ID Connect and OAuth 2.0 are used as follows:

1. OIDC is used to authorize users into a web application, whereas OAuth 2.0 is used to authorize access for API purposes

2. OIDC is used to authenticate users into a web application, whereas OAuth 2.0 is used to authorize access for API purposes

3. OIDC is used to authorize users into a web application, whereas OAuth 2.0 is used to authenticate access for API purposes

4. OIDC is used to authenticate users into a web application, whereas OAuth 2.0 is used to authenticate access for API purposes

Answer: B
Question: 23

You can use Okta org. as an authorization server.

1. This is used with the issuer being https://okta.com

2. This is used for OIDC use cases

3. This is used for Authentication use cases

4. This is used with an issuer being https://<subdomain>.okta.com

5. You cannot use Okta org as an authorization server

Answer: A,B,D
Question: 24

Beside Okta org. being used as an authorization server, there also can be other types of authorization servers added (other custom ones).

1. FALSE

2. TRUE

3. True and the issuer looks like: https://<subdomain>.okta.com/oauth2/${authorizationServerId}

4. True and the issuer looks like: https://<subdomain>.okta.com

5. True and the issuer looks like: https://okta.com

Answer: A,B,C
Question: 25

Okta org, when being used as an authorization server (issuer: https://<subdomain>.okta.com), can only be used for OIDC (Open ID Connect, hence Authentication) and not for OAuth (Authorization).

1. Statement is False in its entirety

2. Statement is True in its entirety

3. True, but for the issuer part, where the URL is wrong

4. False, but for the correlation between OIDC and Authentication, which is indeed True

Answer: A
Question: 26 You cannot:

1. Have multiple authorization servers in Okta

2. Edit the access policy in Okta, when Okta is the Default Authorization Server

3. Have custom scopes when Okta is the authorization server

Answer: B
Question: 27

The authorization server also acts as an:

1. OpenID Connect Provider, which means you can request ID tokens in addition to access tokens from the authorization server endpoints

2. OpenID Connect protocol, which means you can request ID tokens in addition to OIDC or OAuth 2.0 tokens from the authorization server endpoints

3. OpenID Connect Provider, which means you can request ID tokens in addition to access tokens from the authentication server endpoints

4. OpenID Connect Provider, which means you can request Open ID Connect tokens in addition to access tokens from

the authentication server endpoints

Answer: A
Question: 28

Access tokens are returned if 'response_type' included:

1. 'nonce'

2. 'none'

3. 'access'

4. 'token'

5. 'access_token'

Answer: D
Question: 29

'code' is an opaque value that is returned if 'reponse_type' includes:

1. 'code' and 'code' has a lifetime of 45 seconds

2. 'token' and 'code' has a lifetime of 24 hours

3. 'value' and 'code' has a lifetime of 90 seconds

4. 'code' and 'code' has a lifetime of 60 seconds

Answer: D
Question: 30

'scope' is returned only if the response includes:

1. A 'token' value

2. A 'scope' value

3. A claim

4. An access_token

Answer: D
Question: 31

'grant_type' can take value(s) out of the following:

1. 'authorization_code'

2. 'nonce'

3. 'client_credentials'

4. 'refresh_token'

5. 'password'

Answer: A,C,D,E
Question: 32

'unsupported_grant_type' error is thrown when the 'grant_type' isn't:

1. 'authorization_code'

2. 'refresh_token'

3. 'client_credentials'

4. 'password'

Answer: A,B,C,D
Question: 33

'invalid_client' error is thrown when:

1. The scopes list contains an invalid or unsupported value

2. The specified 'client_id' wasn't found

3. The request structure was invalid

Answer: B
Question: 34

'token_type_hint' indicates the type of 'token' being passed. Valid value(s) can be:

1. 'access_token'

2. 'oidc_token'

3. 'id_token'

4. 'refresh_token'

Answer: A,C,D
Question: 35

There is a property named 'uid', which is the user ID. This parameter is returned:

1. Only if the token is a refresh token and the subject is an end user

2. Only if the token is an access token and the subject is an end user

3. Only if the token is an access token and the subject is an admin

4. Only if the token is an refresh token and the subject is a resource server

5. Only if the token is an access token and the subject is a authorization server

Answer: B