Which access rule is disabled automatically after the global access list has been defined and applied?


A. the implicit global deny ip any any access rule

B. the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces

C. the implicit global access rule that permits all IP traffic from high security level to low security level interfaces

D. the implicit deny ip any any rule on the global and interface access lists

E. the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists

Explanation:
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.3/user/guide/fwaccess.html
Understanding Device Specific Access Rule Behavior

If you do not create an access rule policy, the following is the default behavior based on the type of device, and what happens when you create an access rule:

• IOS devices—Permit all traffic through an interface.
When you create an access rule permitting source A to destination B without configuring TCP/UDP inspection on the inspection rule table, or configuring the established advanced option on the rule, the device permits any packet from A to B. However, for any returning packet from B to A, the packet is not allowed, unless there is a corresponding access rule permitting that packet. If you configure TCP/UDP inspection on the traffic in the inspection rule table, a rule permitting B to A is not needed in the access rule, as any returning packet from B to A automatically passes the device.

• ASA and PIX devices—Permit traffic from a higher-security interface to a lower-security interface. Otherwise, all traffic is denied.
If an access rule allows TCP/UDP traffic in one direction, the appliance automatically allows return traffic (you do not need to configure a corresponding rule for the return traffic), except for ICMP traffic, which does require a return rule (where you permit the reverse source and destination), or you must create an inspection rule for ICMP.

• FWSM devices—Deny all traffic entering an interface, permit all traffic leaving an interface.
You must configure access rules to allow any traffic to enter the device.


