Implementing VLANs to segregate network traffic is a common practice to achieve network isolation. By assigning a separate VLAN to the guest network, the guests' traffic is isolated from the primary corporate network, which prevents access to internal resources. This is the correct answer because it both allows guest internet access and effectively segregates guest traffic from sensitive corporate data. Using firewall rules alone isn’t sufficient because it doesn’t necessarily prevent traffic within the same network. Offering Wi-Fi Protected Setup (WPS) or using Quality of Service (QoS) doesn't provide network segment separation and hence cannot ensure isolation from internal resources.