Which statement about interface and global access rules is true?
A. Interface access rules are processed before global access rules.
B. The implicit allow is processed after both the global and interface access rules.
C. If an interface access rule is applied, the global access rule is ignored.
D. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction.
B is incorrect. Must be:
The implicit DENY is processed after both the global and interface access rules.
D is. Must be:
Global access rules apply only to INBOUND traffic,
A must to be correct:
This is the order of rule-processing on the ASA:
Interface access rules.
For bridge group member interfaces, the Bridge Virtual Interface (BVI) access rule.
Global access rule.
Implicit deny.
But why C is not correct ?
C. If an interface access rule is applied, the global access rule is ignored.
Because global rules is not ignored, just processed after the interface one.