What can be defined as a table of subjects and objects indicating what actions individual subjects can take
upon individual objects?

A.
A capacity table

B.
An access control list

C.
An access control matrix

D.
A capability table

Explanation:
An access control matrix is a table of subjects and objects that specifies the actions individual subjects can
take upon individual objects.
Incorrect Answers:
A: A capacity table is not valid with regards to the context of this question.
B: Access control lists define subjects that are authorized to access a specific object, and includes the level of
authorization that subjects are granted.
D: A capability table stipulates the access rights that a specified subject has in relation to detailed objects.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 229-231