Cisco Certified Internetwork Expert (CCIE) Practice Test

Which two options are benefits of the Cisco ASA transparent firewall mode? (Choose two)

• A. It can perform dynamic routing
• B. It supports extended ACLs to allow Layer 3 traffic to pass from higher to lower security interfaces
• C. It provides SSL VPN support
• D. It can establish routing adjacencies

The correct answer is: It supports extended ACLs to allow Layer 3 traffic to pass from higher to lower security interfaces

The selection is based on the features and operational principles of the Cisco ASA in transparent mode. When operating in transparent mode, the ASA functions at Layer 2 of the OSI model, which means it behaves like a switch, forwarding traffic based on MAC addresses rather than IP addresses. One of the key benefits of this mode is that it supports extended access control lists (ACLs) to control the flow of traffic between interfaces. These ACLs allow for the filtering of traffic based on various criteria, which can be crucial for enforcing security policies even while the device is operating in a non-IP routing capacity. The ability to use extended ACLs means that the ASA can specify rules for Layer 2 traffic, thereby enhancing control over the types of traffic allowed to pass from higher security interfaces to lower security interfaces. In contrast, options related to dynamic routing and routing adjacencies are not applicable in transparent firewall mode. Transparent mode does not support traditional routing protocols because it doesn't operate at Layer 3, where routing takes place. Additionally, while SSL VPN support might be a function of the ASA, it is not specifically tied to the transparent mode advantage. The focus on Layer 2 processing in transparent mode directly influences the appropriate use of extended ACLs, making this