Which of the following most accurately describes transparent mode tunneling? (Select the best answer.)

A.
It enables traffic to exit the same interface through which it entered.

B.
It enables traffic to flow between interfaces that share the same security level.

C.
It enables a VPN tunnel to form through a firewall or NAT device.

D.
It enables a VPN tunnel to determine which traffic flows should be encrypted.

Explanation:
Transparent mode on a Cisco Adaptive Security Appliance (ASA) enables a virtual private network (VPN)tunnel to form through a firewall or Network Address Translation (NAT) device. When transparent tunneling is
enabled on a VPN client, encrypted packets are encapsulated in Transmission Control Protocol (TCP) or User
Datagram Protocol (UDP) packets prior to transmission through the firewall or NAT device.
Hairpinning enables ASA traffic to exit the same interface through which it entered. The samesecuritytraffic
permit intrainterface command enables hairpinning. By default, an ASA does not allow packets to enter and exit
through the same physical interface. However, because multiple logical virtual LANs (VLANs) can be assigned
to the same physical interface, it is sometimes necessary to allow a packet to enter and exit through the same
interface. The samesecuritytraffic permit intrainterface command allows packets to be sent and received from
the same interface even if the traffic is protected by IP Security (IPSec) security policies. Another scenario for
which you would need to use the samesecuritytraffic permit intrainterface command is if multiple users need to
connect via VPN through the same physical interface. These users will not be able communicate with one
another unless the samesecuritytraffic permit intrainterface command has been issued from global
configuration mode.
Likewise, the samesecuritytraffic permit interinterface command enables traffic to flow between interfaces that
share the same security level. Typically, interfaces with the same security level are not allowed to
communicate.
Split tunneling enables a VPN tunnel to determine which traffic flows should be encrypted. Without split
tunneling, all traffic that passes through a remote VPN router is encrypted and forwarded through a tunnel to
the VPN server, which is an inefficient use of the bandwidth and processing power of the VPN server and the
remote VPN router. Traffic that is destined for the Internet or another unprotected network does not need to be
encrypted or forwarded to the VPN server. Split tunneling uses an access control list (ACL) to determine which
traffic flows are permitted to pass through the encrypted tunnel. Traffic destined for a protected network at the
VPN server site is encrypted and allowed to pass through the tunnel, whereas all other traffic is processed
normally. This method reduces both the processing load on the router and the amount of traffic that passes
through the encrypted tunnel. Split tunneling can also be applied to traffic from remote access VPN clients.

Cisco: Configuring the Transparent or Routed Firewall: Information About Transparent Firewall Mode