An organization is designing a network architecture that must meet the following requirements:
- Users will only be able to access predefined services.
- Each user will have a unique allow list defined for access.
- The system will construct one-to-one subject/object access paths dynamically.
Which of the following architectural designs should the organization use to meet these requirements?

A. Peer-to-peer secure communications enabled by mobile applications B. Proxied application data connections enabled by API gateways C. Microsegmentation enabled by software-defined networking D. VLANs enabled by network infrastructure devices