Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?


A. The global access list is matched first before the interface access lists.

B. Both the interface and global access lists can be applied in the input or output direction.

C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing “global” as the interface will apply the access list entry globally.

D. NAT control is enabled by default.

E. The static CLI command is used to configure static NAT translation rules.

Explanation:





tristanx


Any of these answers are not correct.

T


I agree A is not correct. The interface ACL is checked first.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/access_rules.html#wp1120198

Using Global Access Rules

Global access rules allow you to apply a global rule to ingress traffic without the need to specify an interface to which the rule must be applied. Using global access rules provides the following benefits:

• When migrating to the adaptive security appliance from a competitor appliance, you can maintain a global access rule policy instead of needing to apply an interface-specific policy on each interface.

• Global access control policies are not replicated on each interface, so they save memory space.

• Global access rules provide flexibility in defining a security policy. You do not need to specify which interface a packet comes in on, as long as it matches the source and destination IP addresses.

• Global access rules use the same mtrie and stride tree as interface-specific access rules, so scalability and performance for global rules are the same as for interface-specific rules.

You can configure global access rules in conjunction with interface access rules, in which case, the specific interface access rules are always processed before the general global access rules.
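
The processing order quoted above, as an added example that is not part of the comment or of Cisco's documentation: a simplified Python model of an ingress lookup that checks the interface access list first and the global access list second. The rule sets, addresses and interface names are constructed, and the trailing implicit deny after the global list and the omission of security-level defaults are assumptions of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    port: Optional[int]   # destination TCP port; None matches any port

def first_match(rules, src, dst, port):
    """Return (action, 1-based rule index) of the first matching rule, else None."""
    for idx, rule in enumerate(rules, 1):
        if (ip_address(src) in ip_network(rule.src)
                and ip_address(dst) in ip_network(rule.dst)
                and rule.port in (None, port)):
            return rule.action, idx
    return None

def evaluate(interface_acls, global_acl, ingress, src, dst, port):
    """Decide an inbound packet: interface rules, then global rules, then deny."""
    hit = first_match(interface_acls.get(ingress, []), src, dst, port)
    if hit:
        return hit[0], f"interface:{ingress}#{hit[1]}"
    hit = first_match(global_acl, src, dst, port)
    if hit:
        return hit[0], f"global#{hit[1]}"
    return "deny", "implicit-deny"   # assumption: implicit deny follows the global list

# Constructed sample policy (documentation address ranges).
INTERFACE_ACLS = {
    "outside": [
        Rule("deny", "0.0.0.0/0", "192.0.2.10/32", 23),
        Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443),
    ],
}
GLOBAL_ACL = [
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 23),      # never reached via "outside"
    Rule("permit", "198.51.100.0/24", "192.0.2.0/24", 22),
]

if __name__ == "__main__":
    for ingress, src, dst, port in [
        ("outside", "203.0.113.5", "192.0.2.10", 23),
        ("outside", "198.51.100.7", "192.0.2.20", 22),
        ("dmz", "203.0.113.5", "192.0.2.10", 23),
    ]:
        print(ingress, src, dst, port, evaluate(INTERFACE_ACLS, GLOBAL_ACL, ingress, src, dst, port))
```

The first sample packet shows why the order matters when auditing a policy: the global permit for port 23 has no effect on the "outside" interface because the interface deny matches first.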