Which of the following MOST effectively prevents internal users from modifying sensitive data?

A. Network segmentation
B. Multi-factor authentication
C. Acceptable use policies
D. Role-based access controls