Role-based access control restricts what actions an authenticated user or account is permitted to perform based on their assigned role, ensuring that even a compromised or otherwise unauthorized account is limited to only the specific privileges granted to that role, such as read-only visibility rather than the ability to delete critical resource configurations. Since the scenario specifies the attacker has already gained access to the application, the relevant defense at this stage is authorization, controlling what the now-present attacker can do, and RBAC is precisely the mechanism that would have constrained or blocked a destructive action like deleting configurations if the compromised account (or the attacker's own access) lacked sufficient privilege. Enhancing UI security (A) is a vague, non-specific measure that does not address the underlying authorization gap that allowed the destructive action to succeed. Multi-factor authentication (B) strengthens the authentication step, making initial unauthorized access harder to achieve in the first place, but the scenario states access has already occurred, so MFA would not have prevented the deletion action itself once the attacker was already inside. Increasing audit frequency (C) is a detective, after-the-fact measure that helps discover what happened, not a preventive control that stops the deletion from occurring. RBAC correctly addresses prevention of the specific unauthorized action.
Reference topic: Securing the Data Protection Environment - Role-Based Access Control.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit