Final answer:
The correct approach to limit access to information based on job tasks is through role-based access control. This method permits users to access only the information necessary for their roles within an organization, adhering to the principle of least privilege.
Step-by-step explanation:
Designing a system that restricts information access so that only information essential for a specific job task can be viewed is referred to as implementing an access control policy. The correct choice for such a design is C. role-based access control (RBAC). RBAC allows access to information based on the role the user plays within the organization. This means that each user is given permissions to access only the information that is necessary for their role. For example, in a hospital setting, a nurse might have access to patient health records but not to the hospital's financial records.
Choices like mandatory vacations, job rotations, discretionary access, and separation of duties are not specific to the task of restricting access based on job requirements. They are administrative and policy controls that provide security in other ways. For instance, mandatory vacations can help detect fraudulent activities by ensuring that employees are away from their job duties for a period of time, forcing others to take over and potentially catch any discrepancies.
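The role-to-permission mapping described in the explanation, as an added example that is not part of the original answer. The roles, users, permissions and the task-requirements table are constructed for the hospital scenario and are assumptions, not taken from any real system. It shows deny-by-default checks plus a review that flags permissions a role holds beyond what its job tasks need.

```python
# Added example: constructed hospital policy; every name here is hypothetical.
ROLE_PERMISSIONS = {
    "nurse": {("patient_record", "read"), ("patient_record", "update")},
    # Deliberately over-broad so the least-privilege review has a finding.
    "billing_clerk": {("financial_record", "read"), ("invoice", "create"),
                      ("patient_record", "read")},
}
USER_ROLES = {"alice": {"nurse"}, "bob": {"billing_clerk"}, "carol": set()}

# What each job's tasks actually need, used for the least-privilege review.
TASK_REQUIREMENTS = {
    "nurse": {("patient_record", "read"), ("patient_record", "update")},
    "billing_clerk": {("financial_record", "read"), ("invoice", "create")},
}


def permissions_for(user):
    """Union of the permissions of every role assigned to the user."""
    granted = set()
    for role in USER_ROLES.get(user, set()):
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def is_allowed(user, resource, action):
    """Deny by default: access exists only if an assigned role grants it."""
    return (resource, action) in permissions_for(user)


def excess_permissions():
    """Per role, permissions granted beyond what its job tasks require."""
    findings = {}
    for role, granted in ROLE_PERMISSIONS.items():
        extra = granted - TASK_REQUIREMENTS.get(role, set())
        if extra:
            findings[role] = extra
    return findings


if __name__ == "__main__":
    print("nurse reads patient record:", is_allowed("alice", "patient_record", "read"))
    print("nurse reads financial record:", is_allowed("alice", "financial_record", "read"))
    print("roles exceeding least privilege:", excess_permissions())
```

Permissions attach to roles, never directly to users, so changing what a job may access means editing one role entry rather than every account.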