Which statement about the Cisco ASA botnet traffic filter is true?
A.
The four threat levels are low, moderate, high, and very high.
B.
By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat
level of high or very high.
C.
Static blacklist entries always have a very high threat level.
D.
A static or dynamic blacklist entry always takes precedence over the static whitelist entry.
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_botnet.html
Information About the Static Database You can manually enter domain names or IP addresses
(host or subnet) that you want to tag as bad names in a blacklist. Static blacklist entries are always
designated with a Very High threat level. You can also enter names or IP addresses in a whitelist,
so that names or addresses that appear on both the dynamic blacklist and the whitelist are
identified only as whitelist addresses in syslog messages and reports. Note that you see syslog
messages for whitelisted addresses even if the address is not also in the dynamic blacklist.