Which type of Cisco ASA access list entry can be configured to match multiple entries in a single
statement?

A.
nested object-class

B.
class-map

C.
extended wildcard matching

D.
object groups

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html
Information About Object Groups
By grouping like objects together, you can use the object group in an ACE instead of having to
enter an ACE for each object separately. You can create the following types of object groups:
•Protocol
•Network
•Service
•ICMP type
For example, consider the following three object groups:
•MyServices—Includes the TCP and UDP port numbers of the service requests that are allowed
access to the internal network.
•TrustedHosts—Includes the host and network addresses allowed access to the greatest range of
services and servers.
•PublicServers—Includes the host addresses of servers to which the greatest access is provided.
After creating these groups, you could use a single ACE to allow trusted hosts to make specific
service requests to a group of public servers.

You can also nest object groups in other object groups.