PrepAway - Latest Free Exam Questions & Answers

When will a Cisco ASA that is operating in transparent …

When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC address table lookup to determine the outgoing interface of a packet?


A. if multiple context mode is configured

B. if the destination MAC address is unknown

C. if the destination is more than a hop away from the Cisco ASA

D. if NAT is configured

E. if dynamic ARP inspection is configured

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/fwmode.html#wp1214

MAC Address vs. Route Lookups

When the ASA runs in transparent mode, the outgoing interface of a packet is determined by performing a MAC address lookup instead of a route lookup. Route lookups, however, are necessary for the following traffic types:

· Traffic originating on the ASA – For example, if your syslog server is located on a remote network, you must use a static route so the ASA can reach that subnet.

· Voice over IP (VoIP) traffic with inspection enabled, and the endpoint is at least one hop away from the ASA – For example, if you use the transparent firewall between a CCM and an H.323 gateway, and there is a router between the transparent firewall and the H.323 gateway, then you need to add a static route on the ASA for the H.323 gateway for successful call completion.

· VoIP or DNS traffic with NAT and inspection enabled – To successfully translate the IP address inside VoIP and DNS packets, the ASA needs to perform a route lookup. Unless the host is on a directly connected network, you need to add a static route on the ASA for the real host address that is embedded in the packet.

