HOTSPOTResources must authenticate to an identity provider.
You need to configure the Azure Access Control service.
What should you recommend? To answer, select the appropriate responses for each requirement in
the answer area.
Answer: 
Explanation:
Box 1:
* Token – A user gains access to an RP application by presenting a valid token that was issued by an
authority that the RP application trusts.
* Identity Provider (IP) – An authority that authenticates user identities and issues security tokens,
such as Microsoft account (Windows Live ID), Facebook, Google, Twitter, and Active Directory. When
Azure Access Control (ACS) is configured to trust an IP, it accepts and validates the tokens that the IP
issues. Because ACS can trust multiple IPs at the same time, when your application trusts ACS, you
can your application can offer users the option to be authenticated by any of the IPs that ACS trusts
on your behalf.How to Authenticate Web Users with Azure Active Directory Access Control
http://azure.microsoft.com/en-gb/documentation/articles/active-directory-dotnet-how-to-useaccess-control/
Box 2: WS-Trust is a web service (WS-*) specification and Organization for the Advancement of
Structured Information Standards (OASIS) standard that deals with the issuing, renewing, and
validating of security tokens, as well as with providing ways to establish, assess the presence of, and
broker trust relationships between participants in a secure message exchange. Azure Access Control
(ACS) supports WS-Trust 1.3.
Incorrect:
ACS does not support Kerberos.Protocols Supported in ACS
https://msdn.microsoft.com/en-us/library/azure/gg185948.aspx