CompTIA PenTest+ (PT0-002) — Question 255
A penetration tester identified numerous flaws that could lead to unauthorized modification of critical data. Which of the following would be best for the penetration tester to recommend?
Answer options
- A. Flat access
- B. Role-based access control
- C. Permission-based access control
- D. Group-based control model
Correct answer: B
Explanation
Role-based access control (RBAC) is the most effective solution in this scenario because it restricts system access to authorized users based on their roles, which minimizes the risk of unauthorized data modification. Flat access and group-based control models do not provide the necessary granularity in permissions, and permission-based access control may not be as structured or efficient as RBAC.