C. It includes multiple interfaces and access rules between interfaces are customizable.
In transparent mode, a Cisco ASA firewall acts as a bridge instead of a router. A bridge group is a collection of interfaces that are bridged together and forward traffic between them. A bridge group in transparent mode includes multiple interfaces, and the access rules between interfaces are customizable, meaning that the administrator can configure filtering and access control policies to restrict traffic between different interfaces. This allows the firewall to forward traffic between different VLANs or segments while still applying security policies.
C is the correct.
++if you configure an access control rule to block Questionable sites (level 5), it also blocks all 4,3,2, through Untrusted (level 1) sites. (Firepower Management Center Configuration Guide, Version 6.5)
https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/url_filtering.html#id_17110
C - IS CORRECT - I have to correct myself, indeed C is correct:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/firewall/asa-97-firewall-config/access-rules.html
Extended access rules (Layer 3+ traffic) assigned to Bridge Virtual Interfaces (BVI; routed mode)—If you name a BVI, you can apply separate rule sets in the inbound and outbound direction, and you can also apply rule sets to the bridge group member interfaces. When both the BVI and member interface have access rules, the order of processing depends on direction. Inbound, the member access rules are evaluated first, then the BVI access rules. Outbound, the BVI rules are considered first, then the member interface rules.
BVI interface is not used for management purpose. But we can add a separate Management slot/port interface that is not part of any bridge group, and that allows only management traffic to the ASA.
I believe answer is C
https://integratingit.wordpress.com/2021/05/30/asa-transparent-mode/#:~:text=Bridge%20groups%20are%20used%20to,the%20ASA%20to%20pass%20traffic.
A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are only supported in Transparent Firewall Mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place.
Each bridge group includes a Bridge Virtual Interface (BVI). The ASA uses the BVI IP address as the source address for packets originating from the bridge group. The BVI IP address must be on the same subnet as the bridge group member interfaces. The BVI does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported.
Only bridge group member interfaces are named and can be used with interface-based features.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/intro-fw.html#ID-2106-00000012
While we can use BVIs for Firewall Management purposes, it isn't ONLY used for management.
Answer C seems correct
A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are supported in both transparent and routed firewall mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place
more specific from below doc:
About Bridge Groups
A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are only supported in Transparent Firewall Mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
leptonius
Highly Voted 2 years, 8 months agosull3y
Highly Voted 1 year, 3 months agoytsionis
Most Recent 7 months, 3 weeks agoJessie45785
1 year, 1 month agoJessie45785
1 year agokjubo
1 year, 6 months agoleowulf
1 year, 7 months agogetafix
1 year, 10 months agoMetgatz
1 year, 11 months agodr4gn00t
2 years, 3 months agoLaryoul
2 years, 1 month agobeeker98106
2 years, 6 months ago