If a packet matches more than one class map in an individual feature type’s policy map, how does the ASA
handle the packet?

A.
The ASA will apply the actions from only the first matching class map it finds for the feature type.

B.
The ASA will apply the actions from only the most specific matching class map it finds for the feature type.

C.
The ASA will apply the actions from all matching class maps it finds for the feature type.

D.
The ASA will apply the actions from only the last matching class map it finds for the feature type.

Explanation:
BD
I suppose this could be an explanation. Not 100% confident about this. The explanation refers to an interface,
but the question doesn’t specify that.
See the following information for how a packet matches class maps in a policy map for a given interface:
1. A packet can match only one class map in the policy map for each feature type.
2. When the packet matches a class map for a feature type, the ASA does not attempt to match it to any
subsequent class maps for that feature type.
3. If the packet matches a subsequent class map for a different feature type, however, then the ASA also
applies the actions for the subsequent class map, if supported. See the “Incompatibility of Certain Feature
Actions” section for more information about unsupported combinations.
If a packet matches a class map for connection limits, and also matches a class map for an application
inspection, then both actions are applied.
If a packet matches a class map for HTTP inspection, but also matches another class map that includes
HTTP inspection, then the second class map actions are not applied.
Source: http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/
mpf_service_policy.html