ASA Transparent Mode: Statements and Benefits | Cisco Exam 400-251

ASA Transparent Mode: Key Features


Question

Which two statements about ASA transparent mode are true? (Choose two.)

Answers

Explanations


A. B. C. D. E. F.

CE.

ASA (Adaptive Security Appliance) is a firewall and security device from Cisco. It can operate in two modes: routed mode and transparent mode. In transparent mode, the ASA acts like a "transparent bridge" between two networks, and it does not modify the IP addressing information in the packets. Here are the answers to the given question:

A. False: ASA transparent mode operates as a Layer-2 firewall, not Layer-3. It does not route packets or modify their IP addressing information.

B. True: In transparent mode, the inside and outside interfaces must be in different Layer-2 subnets. This is because an ASA in transparent mode works as a bridge and needs to forward packets between two different networks.

C. True: IP traffic will not pass through an ASA in transparent mode unless it is explicitly permitted by an access-list. Access-lists are used to filter and control the traffic passing through the firewall.

D. True: By default, an ASA in transparent mode drops all ARP traffic unless it is permitted by an access-list. This is because ARP traffic is used to map MAC addresses to IP addresses, and it can be used to perform various attacks like ARP spoofing.

E. False: In transparent mode, a configured route applies to all traffic passing through the ASA, regardless of its origin. An ASA in transparent mode does not modify the IP addressing information in the packets, so it cannot differentiate between traffic originating from different sources.

F. False: In multiple context mode, each context can operate in either routed mode or transparent mode independently of the other contexts. It is not necessary for all contexts to be in transparent mode.

In summary, ASA transparent mode operates as a Layer-2 firewall between two different Layer-2 subnets. It uses access-lists to control the traffic passing through the firewall, and it drops all ARP traffic by default unless it is permitted by an access-list. A configured route applies to all traffic passing through the ASA in transparent mode, and each context can operate in either mode independently of the other contexts.