Which of the following can be used to restrict access to sensitive information in a system?

Using security roles to restrict access to sensitive information in a system is highly effective because they provide a structured way to manage permissions based on the responsibilities assigned to users. Security roles define the level of access that users have to various system features and data, ensuring that only authorized individuals can view or modify sensitive information. This role-based access control mechanism helps maintain data integrity and confidentiality while aligning with organizational policies and compliance requirements.

In contrast, while dynamic groups can automatically adjust membership based on user attributes, static roles typically require manual updates and may not be as flexible. Access lists function to dictate which users have access to specific items but may lack the broader management capabilities that security roles provide, particularly in complex systems. Therefore, security roles offer a comprehensive approach to controlling access and protecting sensitive data within a system.