In an effort to secure corporate data, a network administrator is tasked with configuring network architecture to separate highly sensitive data systems from general office networks. Which setup would best achieve a secure segmentation between trusted zones, where high-value assets are located, and untrusted zones used by regular employees?
Implement a DMZ that separates the corporate network from the sensitive systems, monitored by security systems.
Configure distinct subnets for sensitive systems and office networks without additional security controls.
Regularly change network device passwords and increase the encryption level for traffic between segments.
Deploy Network Access Control (NAC) across all network points to restrict user access based on credentials.
Place all sensitive systems and office networks behind the same firewall, with high-security configurations.