When will a Cisco ASA that is operating in transparent firewall mode perform a routing table
lookup instead of a MAC address table lookup to determine the outgoing interface of a packet?

A.
if multiple context mode is configured

B.
if the destination MAC address is unknown

C.
if the destination is more than a hop away from the Cisco ASA

D.
if NAT is configured

E.
if dynamic ARP inspection is configured

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/fwmode.html#wp121475
0
MAC Address vs. Route Lookups
When the ASA runs in transparent mode, the outgoing interface of a packet is determined by
performing a MAC address lookup instead of a route lookup.
Route lookups, however, are necessary for the following traffic types:
•Traffic originating on the ASA—For example, if your syslog server is located on a remote network,
you must use a static route so the ASA can reach that subnet.
•Voice over IP (VoIP) traffic with inspection enabled, and the endpoint is at least one hop away
from the ASA—
For example, if you use the transparent firewall between a CCM and an H.323 gateway, and there
is a router between the transparent firewall and the H.323 gateway, then you need to add a static
route on the ASA for the H.323 gateway for successful call completion.
•VoIP or DNS traffic with NAT and inspection enabled—To successfully translate the IP address
inside VoIP and DNS packets, the ASA needs to perform a route lookup. Unless the host is on a
directly-connected network, then you need to add a static route on the ASA for the real host
address that is embedded in the packet.