The option that most directly secures sensitive information on the network is data-in-transit encryption. This ensures that data packets are unreadable to attackers who intercept them while moving across the network. Protocols such as TLS, HTTPS, IPsec, and SSH protect confidentiality and integrity of sensitive information.

B. Principle of least privilege (PoLP) secures access control but does not directly protect data in motion.

C. Role-based access control (RBAC) enforces permissions but again does not secure the data while transmitted.

D. Multifactor authentication (MFA) strengthens identity verification but does not directly protect the data itself once transmitted.

Thus, while all options contribute to overall security, encryption of data-in-transit most directly addresses protection of sensitive information on the network.

References (CompTIA Network+ N10-009):

Domain: Network Security — Encryption methods, confidentiality, data-in-transit protection.