Which statement about Cisco ASA operations using software versions 8.3 and later is true?
Click on the arrows to vote for the correct answer
A. B. C. D. E.A.
The correct answer is C: When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing "global" as the interface applies the access list entry globally.
Here is an explanation of the statements:
A. The interface access list is matched first before the global access lists - This statement is false. In software versions 8.3 and later, the global access list is matched before the interface access list.
B. The interface and global access lists both can be applied in the input or output direction - This statement is true. In software versions 8.3 and later, the interface and global access lists can be applied in both the input and output directions.
C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing "global" as the interface applies the access list entry globally - This statement is true. In software versions 8.3 and later, when creating an access list entry using the Cisco ASDM Add Access Rule window and choosing "global" as the interface, the access list entry is applied globally.
D. NAT control is enabled by default - This statement is false. In software versions 8.3 and later, NAT control is disabled by default.
E. The static CLI command is used to configure static NAT translation rules - This statement is true. In software versions 8.3 and later, the static CLI command is used to configure static NAT translation rules.
Cisco ASA software version 8.3 introduced significant changes to the NAT configuration syntax and logic. In earlier versions, NAT control was enabled by default, and NAT configurations required the use of the nat and global commands. In software versions 8.3 and later, NAT control is disabled by default, and NAT configurations use the new NAT and global objects, which are configured using the static command. In addition, the order of the access list matching has been changed, with the global access list now matched before the interface access list.