B
Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities, of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user's possession of a capability (or ticket) for the object. It is a row within the matrix. To put it another way, a capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.

CLEMENT NOTE: If we wish to express this very simply: Capabilities are attached to a subject and they describe what access the subject has to each of the objects on the row that matches with the subject within the matrix. It is a row within the matrix. ACLs are attached to objects; they describe who has access to the object and what type of access they have. It is a column within the matrix.

The following are incorrect answers:

"Access control lists are subject-based whereas capability tables are object-based" is incorrect.

"Capability tables are used for objects whereas access control lists are used for users" is incorrect.

"They are basically the same" is incorrect.

References used for this question: CBK, pp. 191-192; AIO3, p. 169