Okta-Certified-Consultant Dumps Okta-Certified-Consultant Braindumps

Okta-Certified-Consultant Real Questions Okta-Certified-Consultant Practice Test Okta-Certified-Consultant Actual Questions


Okta


Okta-Certified-Consultant


Level 3: Okta Certified Consultant


https://killexams.com/pass4sure/exam-detail/Okta-Certified-Consultant


Question: 20


You don't have the same possibility you have for an On-Prem MFA Agent or AD Agent, to increase the logging level, in the case of an Okta Radius server.


  1. Statement is True

  2. Statement is False

  3. Statement is False and you even have 4 modes that you can simply enable via GUI: INFO, DEBUG, WARN, ERROR


Answer: B Question: 21

Okta can be used to authenticate a user into a:


  1. Single Page App

  2. Web App

  3. Mobil App


Answer: A,B,C Question: 22

Open ID Connect and OAuth 2.0 are used as follows:


  1. OIDC is used to authorize users into a web application, whereas OAuth 2.0 is used to authorize access for API purposes

  2. OIDC is used to authenticate users into a web application, whereas OAuth 2.0 is used to authorize access for API purposes

  3. OIDC is used to authorize users into a web application, whereas OAuth 2.0 is used to authenticate access for API purposes

  4. OIDC is used to authenticate users into a web application, whereas OAuth 2.0 is used to authenticate access for API purposes


Answer: B Question: 23

You can use Okta org. as an authorization server.


  1. This is used with the issuer being https://okta.com

  2. This is used for OIDC use cases

  3. This is used for Authentication use cases

  4. This is used with an issuer being https://<subdomain>.okta.com

  5. You cannot use Okta org as an authorization server


Answer: A,B,D Question: 24

Beside Okta org. being used as an authorization server, there also can be other types of authorization servers added (other custom ones).


  1. FALSE

  2. TRUE

  3. True and the issuer looks like: https://<subdomain>.okta.com/oauth2/${authorizationServerId}

  4. True and the issuer looks like: https://<subdomain>.okta.com

  5. True and the issuer looks like: https://okta.com


Answer: A,B,C Question: 25

Okta org, when being used as an authorization server (issuer: https://<subdomain>.okta.com), can only be used for OIDC (Open ID Connect, hence Authentication) and not for OAuth (Authorization).


  1. Statement is False in its entirety

  2. Statement is True in its entirety

  3. True, but for the issuer part, where the URL is wrong

  4. False, but for the correlation between OIDC and Authentication, which is indeed True


Answer: A Question: 26 You cannot:

  1. Have multiple authorization servers in Okta

  2. Edit the access policy in Okta, when Okta is the Default Authorization Server

  3. Have custom scopes when Okta is the authorization server


Answer: B Question: 27

The authorization server also acts as an:


  1. OpenID Connect Provider, which means you can request ID tokens in addition to access tokens from the authorization server endpoints

  2. OpenID Connect protocol, which means you can request ID tokens in addition to OIDC or OAuth 2.0 tokens from the authorization server endpoints

  3. OpenID Connect Provider, which means you can request ID tokens in addition to access tokens from the authentication server endpoints

  4. OpenID Connect Provider, which means you can request Open ID Connect tokens in addition to access tokens from

the authentication server endpoints


Answer: A Question: 28

Access tokens are returned if 'response_type' included:


  1. 'nonce'

  2. 'none'

  3. 'access'

  4. 'token'

  5. 'access_token'


Answer: D Question: 29

'code' is an opaque value that is returned if 'reponse_type' includes:


  1. 'code' and 'code' has a lifetime of 45 seconds

  2. 'token' and 'code' has a lifetime of 24 hours

  3. 'value' and 'code' has a lifetime of 90 seconds

  4. 'code' and 'code' has a lifetime of 60 seconds


Answer: D Question: 30

'scope' is returned only if the response includes:


  1. A 'token' value

  2. A 'scope' value

  3. A claim

  4. An access_token


Answer: D Question: 31

'grant_type' can take value(s) out of the following:


  1. 'authorization_code'

  2. 'nonce'

  3. 'client_credentials'

  4. 'refresh_token'

  5. 'password'


Answer: A,C,D,E Question: 32

'unsupported_grant_type' error is thrown when the 'grant_type' isn't:


  1. 'authorization_code'

  2. 'refresh_token'

  3. 'client_credentials'

  4. 'password'


Answer: A,B,C,D Question: 33

'invalid_client' error is thrown when:


  1. The scopes list contains an invalid or unsupported value

  2. The specified 'client_id' wasn't found

  3. The request structure was invalid


Answer: B Question: 34

'token_type_hint' indicates the type of 'token' being passed. Valid value(s) can be:


  1. 'access_token'

  2. 'oidc_token'

  3. 'id_token'

  4. 'refresh_token'


Answer: A,C,D Question: 35

There is a property named 'uid', which is the user ID. This parameter is returned:


  1. Only if the token is a refresh token and the subject is an end user

  2. Only if the token is an access token and the subject is an end user

  3. Only if the token is an access token and the subject is an admin

  4. Only if the token is an refresh token and the subject is a resource server

  5. Only if the token is an access token and the subject is a authorization server


Answer: B