Okta Certified Developer Exam Questions

By practicing with Okta Certified Developer Exam Questions, you will gain the confidence and skills needed to pass the exam on the first attempt.

karonchen

Presentation Transcript


  1. Pass Okta Certified Developer Exam with Real Questions

     Okta Certified Developer Exam
     https://www.passquestion.com/Okta-Certified-Developer.html

     35% OFF on All, Including Okta Certified Developer Questions and Answers

     Pass Okta Certified Developer Exam with PassQuestion Okta Certified Developer questions and answers in the first attempt.
     https://www.passquestion.com/

  2. 1. When you are using a Custom Authorization Server, you can configure the lifetime of the JWT tokens.

     A. For access tokens the minimum is 60 minutes and the maximum is 1 year
     B. For access tokens the minimum is 5 minutes and the maximum is 24 hours
     C. For refresh tokens the idle window is at least 10 minutes and the maximum is 5 years
     D. For refresh tokens the idle window is at least 5 minutes and the maximum is 24 hours

     Answer: B,C

     2. In regards to Authorization Server's Key Rotation:

     A. You cannot rotate the keys manually, as it will surely cause permanent sync issues between authorization and resource servers
     B. You can rotate the keys manually
     C. Keys are rotated automatically by default

     Answer: B,C

     3. Apps created on '/api/v1/apps' endpoint default to:

     A. 'consent_method=REQUIRED', while those created on '/api/v1/clients' default to 'consent_method=TRUSTED'
     B. 'consent_method=REQUIRED', while those created on '/api/v1/clients' default to 'consent_method=REQUIRED'
     C. 'consent_method=TRUSTED', while those created on '/api/v1/clients' default to 'consent_method=TRUSTED'
     D. 'consent_method=TRUSTED', while those created on '/api/v1/clients' default to 'consent_method=REQUIRED'

     Answer: D

     4. If you request a scope which requires consent while using the 'client_credentials' flow:

     A. The scope asked for is returned
     B. A user auth prompt is returned, because the user is not authenticated
     C. An error is returned, because there is no user, so no consent can be given

     Answer: C

     5. When speaking about Scopes we have a 'prompt' value, a 'consent_method' and the 'consent'. If the 'prompt' value is set to 'NONE', but the 'consent_method' and the 'consent' values to 'REQUIRED', the

     A. You will have an error telling you that the 'prompt' value can never be 'NONE'
     B. You will have a WARN type of message displayed due to the fact that it is redundant to set both 'consent_method' and 'consent' to 'REQUIRED'
     C. You will be thrown an error

     Answer: C

     6. The scope name must only contain printable ASCII, except for:

     A. Spaces
     B. Double quotes
     C. Backslashes
     D. Commas

     Answer: A,B,C

  3. 7. The scope name must:

     A. Start with 'okta'
     B. Not start with 'okta'
     C. Start with 'okta:'
     D. Not start with 'okta:'
     E. Not be only 'okta' or '*'
     F. Only be 'okta' or '*'

     Answer: B,D,E

     8. When you are using the Okta Authorization Server, the lifetime of the JWT token is hard-coded to the following values:

     A. ID token: 60 minutes. Access token: 30 minutes. Refresh token: 60 minutes
     B. ID token: 60 minutes. Access token: 60 minutes. Refresh token: 90 days
     C. ID token: 30 minutes. Access token: 60 minutes. Refresh token: 60 minutes
     D. ID token: 60 minutes. Access token: 90 minutes. Refresh token: 60 days

     Answer: B

     9. When you are using a Custom Authorization Server, you can configure the lifetime of the JWT tokens, for example the lifetime of ID tokens.

     A. TRUE
     B. False, with the exception of the fact that some tokens' lifetime can indeed be customized in this situation, just not the ID tokens' one
     C. True, with the mention that only this token's lifetime can be customized in such a scenario

     Answer: B

     10. When you are using a Custom Authorization Server, you can configure the lifetime of the Refresh Tokens and you can even set those with a lifetime of 4 years or even more.

     A. False, due to security issues
     B. True, but with a limit at 10 years
     C. TRUE
     D. FALSE

     Answer: C

     11. When using Okta as an authorization server:

     A. You can set the audience to the preferred custom service you'll use
     B. The audience is always set to Okta org itself
     C. You cannot set the audience
     D. You cannot set the audience as it can only be used with the Okta org in the userinfo request to get the user claims

     Answer: B,C,D

     12. In either case, where Okta is the Authorization Server or where you are using a Custom Authorization Server, the ID tokens' lifetime is:

     A. Set to 60 minutes
     B. Set to 1 minute
     C. Configurable between 5 minutes and 1 year

     Answer: A

  4. 13. 'openid' is required for any OpenID Connect request flow.

     A. If the 'openid' scope value is not present, the request is not a valid OAuth 2.0 request either
     B. If the 'openid' scope value is not present, the request may still be a valid OAuth 2.0 request and also a valid OpenID Connect request
     C. If the 'openid' scope value is not present, the request may still be a valid OAuth 2.0 request, but not a valid OpenID Connect request

     Answer: C

     14. 'offline_access' can only be requested in combination with a 'response_type' that contains 'code'.

     A. The statement is False in its entirety
     B. The statement is True, with the exception that instead of 'code', there should be 'REQUIRED'
     C. The statement is True, as if the 'response_type' doesn't contain 'code', 'offline_access' is ignored

     Answer: C

     15. 'profile' requests access to these default profile claims:

     A. 'name', 'family_name', 'given_name', 'middle_name', 'nickname'
     B. 'gender', 'birthdate'
     C. 'profile'
     D. 'locale'

     Answer: A,B,C,D

     16. 'none' - Use this with clients that don't have a client secret:

     A. Such as applications that use the authorization code flow with PKCE
     B. Not with applications that use the authorization code flow with PKCE
     C. Such as applications that use the implicit flow
     D. Not with applications that use the implicit flow

     Answer: A,C

     17. When you want higher security in the flow, use:

     A. 'consent_method' set to 'REQUIRED'
     B. 'consent' set to 'REQUIRED'
     C. 'private_key_jwt'
     D. 'none' as the client secret

     Answer: C
