Which statement concerning the Active/Active failover feature is correct?
A.
Active/Active failover is supported in “multiple mode” configuration only.
B.
Active/Active failover supports site-to-site IPSec VPN stateful failover.
C.
If an active security context within the primary security appliance “fails”, the status of the primary security appliance unit changes to “failed” while the secondary failover security appliance unit transitions to “active.”
D.
ASA Security Appliance failover pair must have either an Unrestricted and UR license or a UR and FO-A/A license to be able to support Active/Active failover.
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/ha_active_active.pdf
Prerequisites for Active/Active Failover
In Active/Active failover, both units must have the following:
The same hardware model
The same number of interfaces
The same types of interfaces
. . . . . . . . . . . . . . . . .
Failover groups can only be added to the system context of devices that are configured for multiple context mode.
Additional support for A being the correct answer: “Active/Active failover is only available to security appliances in multiple context mode.”
B is not correct because, “VPN failover is available only for Active/Standby Failover configurations in single context configurations.”
C does not reflect the way security contexts are assigned to failover groups. Failover state transition is by failover group, not at the appliance level
I believe D is not correct because, “On the PIX/ASA Security appliance platform, at least one of the units must have an unrestricted (UR) license. The other unit can have a Failover Only Active-Active (FO_AA) license, or another UR license. Units with a Restricted license cannot be used for failover, and two units with FO_AA licenses cannot be used together as a failover pair.”
– http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#prereq