What is a valid implicit permit rule for traffic that is traversing the ASA firewall?
A.
Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in
transparent mode only
B.
Only BPDUs from a higher security interface to a lower security interface are permitted in routed
mode.
C.
ARPs in both directions are permitted in transparent mode only
D.
Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in
routed mode only
E.
Only BPDUs from a higher security interface to a lower security interface are permitted in
transparent mode.
Explanation:
IPv4 and IPv6 traffic is permitted in both routed and transparent mode from higher to lower
security interfaces.
“The default mode is routed mode.
Transparent Mode Defaults
By default, all ARP packets are allowed through the ASA.
If you enable ARP inspection, the default setting is to flood non-matching packets.
The default timeout value for dynamic MAC address table entries is 5 minutes.
By default, each interface automatically learns the MAC addresses of entering traffic, and the ASA adds corresponding entries to the MAC address table.”
https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/intro-fw.html#pgfId-1501807