You are configuring a bridge group on a Cisco ASA device that is operating in routed mode.
Which of the following is true?
A. The ASA device supports a maximum of four bridge groups.
B. The BVI IP address can be on a separate subnet from the group members.
C. The bridge group can contain up to 32 interfaces.
D. You must name the BVI to route between bridge groups.
Explanation:
You must name the bridge virtual interface (BVI) to route between bridge groups if you are configuring a bridge group on a Cisco Adaptive Security Appliance (ASA) that is operating in routed mode. The Cisco ASA is a firewall product that can operate as a traditional Layer 3 firewall or can be implemented transparently at Layer 2. The ASA Layer 3 deployment mode is known as Routed Firewall, or routed mode. The ASA Layer 2 deployment mode is known as Transparent Firewall, or transparent mode.
Bridge groups are groupings of interfaces on the ASA device. These groups are bridged by the ASA instead of routed by it. The ASA uses the IP address of a BVI as the bridge group’s source IP address. In routed mode, the BVI behaves as a default gateway between the bridge group and other interfaces. However, you must name the BVI in the bridge group configuration in order for this routing to be possible.
All members of a bridge group must operate on the same IP subnet as the IP address that is assigned to the BVI, regardless of whether the ASA is operating in routed mode or in transparent mode. You can configure a bridge group in either routed mode or transparent mode. However, in transparent mode, bridge group traffic cannot be routed to other bridge groups.
A Cisco ASA supports a maximum of 250 bridge groups, not four. Each bridge group that is configured on a Cisco ASA device can contain four interfaces, not 32.
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/intro-fw.html#ID-2106-000000ae