You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS). Every request to the backend service must include a valid HTTP authorization header. You need to configure the Azure API Management instance with an authentication policy. Which two policies can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. 

Answer options:

A. Basic Authentication
B. Digest Authentication
C. Certificate Authentication
D. OAuth Client Credential Grant

CD