This is one of the most frequently asked interview questions. So let get to the bottom of it.
These are considered as the heart of Sharing and Security. When it comes to object-level security and field-level security profiles will be used. We will be given the option to provide CRUD operations on standard and custom objects.
In Roles, we will be doing Record level sharing. When Role Hierarchy is enabled, if a record is created by a user, he will be able to access it and his reporting manager will be able to access it, also, his reporting manager will be able to access it. It goes on and on top of the pyramid.
So typically speaking Profiles are used to do Object-level security and Role are used to Record level security.
Hope this was helpful!