Which statement about access list operations on Cisco ASA Software Version 8.3 and later is
true?

A.
If the global and interface access lists are both configured, the global access list is matched first
before the interface access lists.

B.
Interface and global access lists can be applied in the input or output direction.

C.
In the inbound access list on the outside interface that permits traffic to the inside interface, the
destination IP address referenced is always the “mapped-ip” (translated) IP address of the inside
host.

D.
When adding an access list entry in the global access list using the Cisco ASDM Add Access
Rule window, choosing “any” for Interface applies the access list entry globally.

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_rules.html#wp10
83595
Using Global Access Rules
Global access rules allow you to apply a global rule to ingress traffic without the need to specify an
interface to which the rule must be applied. Using global access rules provides the following
benefits:

•When migrating to the ASA from a competitor appliance, you can maintain a global access rule
policy instead of needing to apply an interface-specific policy on each interface.
•Global access control policies are not replicated on each interface, so they save memory space.
•Global access rules provides flexibility in defining a security policy. You do not need to specify
which interface a packet comes in on, as long as it matches the source and destination IP
addresses.
•Global access rules use the same mtrie and stride tree as interface-specific access rules, so
scalability and performance for global rules are the same as for interface-specific rules.
You can configure global access rules in conjunction with interface access rules, in which case,
the specific interface access rules are always processed before the general global access rules.