HOTSPOT You need to create a Conditional Access policy to meet the security require-ments. How should you configure the policy? To answer, select the appropriate options in the answer area. 
Authentication context, Client apps, and Require token protections for sign-in sessions (preview) is the combo here. The key is targeting sensitive actions with authentication context, not just blanketing all access. Pretty sure that's what MS is going for with these Conditional Access questions. If anyone thinks Resources would fit better let me know!
Does the question actually mention securing just sensitive actions or specific app functions? Curious if it's about targeted controls, then authentication context makes sense to me. Or is it about broad app coverage? That'd push toward Resources instead. Anyone else read a clue pointing one way?
Authentication context, Client apps, Require token protections is what you want. Some might pick "Resources (formerly cloud apps)" but that's too broad here. Policy needs to be scoped to sensitive actions for better control. Went over a very similar setup in MS Learn labs, pretty sure this is right unless they change preview features.
