What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?
What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?
An access control list (ACL) can be defined as a list of subjects along with their access rights that are authorized to access a specific object. An ACL is essentially a table or list that tells the operating system which access rights each user has to a particular system object, such as a file, directory, or data element. Each entry in a typical ACL specifies a subject and an associated access level. ACLs are used extensively in various forms of access control systems.
Should be C. SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Third Edition: "An access control matrix is a list of objects along with the permissions granted for each object. You can think of an access control matrix as a group of ACLs."
Incorrect, look at question 126 on this same topic.
B. An access control list (ACL) Explanation: An Access Control List (ACL) is a list associated with a specific object (such as a file or resource) that specifies which subjects (users, groups, processes) are authorized to access it and what actions they can perform (e.g., read, write, execute). Why not the other options? A. A capability table – This is associated with subjects rather than objects. It defines what objects a particular subject can access. C. An access control matrix – This is a larger structure that maps all subjects to all objects in a system. ACLs are derived from access control matrices but focus on a single object. D. A role-based matrix – Not a standard term; it likely refers to Role-Based Access Control (RBAC), where permissions are assigned to roles rather than individual users. Since an ACL lists subjects and their permissions for a specific object, it is the correct answer.