How does the transparent firewall process traffic through the ASA?
A. The firewall permits IPv6 and IPv4 traffic from higher security interfaces to lower security interfaces without an ACL.
B. The firewall permits Layer 3 traffic from lower security interfaces to higher security interfaces if a standard ACL is configured on the lower security interface.
C. The firewall permits broadcast and multicast traffic from higher security interfaces to lower security interfaces without an ACL.
D. The firewall requires ARPs to be inspected before they are allowed through the firewall.
For Layer 3 traffic traveling from a low to a high security interface, an access rule is required on the low security interface.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/intro-fw.html
Allowing Layer 3 Traffic
Unicast IPv4 and IPv6 traffic is allowed through the transparent firewall automatically from a higher security interface to a lower security interface, without an ACL.
Note Broadcast and multicast traffic can be passed using access rules. See the firewall configuration guidefor more information.
ARPs are allowed through the transparent firewall in both directions without an ACL. ARP traffic can be controlled by ARP inspection.
For Layer 3 traffic travelling from a low to a high security interface, an extended ACL is required on the low security interface. See the firewall configuration guide for more information
https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/intro-fw.html#37413
Answer D
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/basic-arp-mac.html
Configure ARP Inspection and Other ARP Parameters
For transparent firewall mode bridge groups, you can enable ARP inspection. You can also configure other ARP parameters for both bridge groups and for routed mode interfaces.
Procedure
Step 1
Add static ARP entries according to Add a Static ARP Entry and Customize Other ARP Parameters. ARP inspection compares ARP packets with static ARP entries in the ARP table, so static ARP entries are required for this feature. You can also configure other ARP parameters.
Step 2
(Transparent Mode Only) Enable ARP inspection according to Enable ARP Inspection.
A
Unicast IPv4 and IPv6 traffic is allowed through the transparent firewall automatically from a higher security interface to a lower security interface, without an ACL
Whitch answer is valed?
https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/intro-fw.html
Then, go to ==> Allowing Layer 3 Traffic
so answer A is correct
The answer is A. This is from the Cisco ASA Series General Operations CLI Configuration Guide:
“Standard ACLs identify the destination IP addresses (not source addresses) of OSPF routes and can
be used in a route map for OSPF redistribution. Standard ACLs cannot be applied to interfaces to
control traffic.”
Bridge Groups in Transparent Firewall Mode.
Allowing Layer 3 Traffic
• Unicast IPv4 and IPv6 traffic is allowed through the bridge group automatically from a higher security
interface to a lower security interface, without an access rule.
• For Layer 3 traffic traveling from a low to a high security interface, an access rule is required on the low
security interface
Is the answer A wrong
?
No. See question 47.
IS standard ACL SUPPORTED?