Free Microsoft Security SC-900 Actual Exam Questions - Question 6 Discussion
HOTSPOT For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. 
For the second statement about OAuth 2.0 being an authorization protocol, that’s definitely true—it’s designed for authorization, not authentication. Also, the third statement about SAML using XML makes sense; SAML is XML-based, so that should be Yes. The last statement about SAML being RESTful is false, since SAML relies on XML and SOAP, not REST. So overall, I’d say Yes for the first three and No for the last.
This one’s tricky since the statements are about identity providers and protocols. The first statement is definitely true - OpenID Connect is built on OAuth 2.0. The last one feels off because SAML isn’t based on REST, so that should be No. For the middle ones, I’d say “Yes” to standards being used by Azure AD for federation, but I’m less sure about WS-Federation’s current role since it’s kind of legacy. Would avoid marking everything as Yes straight away since some could be partial truths or outdated info. Also watch out for confusing OAuth and OpenID-it’s a common trap here.