Which three statements about this design are true?

A hosted service provider is planning to use firewall contexts in its multitenant environment and will manage these firewalls on behalf of its customers and allow them access to it for monitoring. For management purposes the lead architect of the service provider has decided to connect this management interface to a single shared management zone VLAN (901) and allocate each context a unique IP from the assigned range of this VLAN. Which three statements about this design are true? (Choose three)
A. Though this design is valid, a physical interface cannot be allocated to multiple contexts due to ASA traffic classifier restrictions, this is only possible with subinterfaces
B. This design concept is valid and requires some modifications. However, it would be more secure to only allow customer management access from the data VLANs in their hosted environment to ensure adequate Layer 2/Layer 3 separation between tenants
C. The ASA multicontext traffic classifier works differently for shared interfaces that exist on the same VLAN and have the same MAC address when NAT is in use, other rules are applied when NAT is not in use
D. The ASA classifier works only for data interfaces and not for management interfaces. The (No Management-only) command must be applied for this concept to work
E. This design concept is not valid because it is not possible to allocate a physical interface to all contexts due to ASA traffic classifier restrictions, this is only possible with subinterfaces
F. Subinterfaces of the interface can be allocated only to contexts and not the actual management physical interface
G. The design for the management zone does not work unless unique MAC addresses are assigned
