Azure IoT provides a number of patterns and options to design and implement security in your IoT solutions. One of the key components of the security architecture is how the devices authenticate themselves to IoT hub. Security tokens and X.509 certificates are two ways of authentication you can choose from. 
Which of the following statements is not true?

Answer options:

A.Security tokens are limited in validity and in scope
B.The security token method can be used without X.509 authentication
C.Shared access signatures can be used to sign security tokens
D.The X.509 method is appropriate for any type of devices

Correct Answer: D
Option A is incorrect because the security tokens provide limited access to resources both from the perspectives of time and the scope.
Option B is incorrect because security tokens can also be used with symmetric key solutions, i.e. they don’t require use of X.509 certificates. This can be a good solution when less security is acceptable.
Option C is incorrect because either shared access signatures or symmetric keys can be used to sign security tokens.
Option D is CORRECT because the X.509 authentication method is only applicable for devices which have a secure storage to store the private keys securely. (It is typically not applicable for low-resource sensors.)
References: 

https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-deployment?context=/azure/iot-hub/rc/rc#iot-hub-security-tokens
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#security-token-structure