What can be defined as a list of subjects along with their access rights that are authorized to access a specific
object?

A.
A capability table

B.
An access control list

C.
An access control matrix

D.
A role-based matrix

Explanation:
Access control lists defines subjects that are authorized to access a specific object, and includes the level of
authorization that subjects are granted.
Incorrect Answers:
A: A capability table stipulates the access rights that a specified subject has in relation to detailed objects.
C: An access control matrix is a table of subjects and objects that specifies the actions individual subjects can
take upon individual objects.
D: A role-based matrix is not a valid answer with regards to this question.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 229-231