How does a zone-based firewall implementation handle traffic between interfaces in the same zone?

A.
Traffic between two interfaces in the same zone is allowed by default.

B.
Traffic between interfaces in the same zone is blocked unless you configure the same-security permit
command.

C.
Traffic between interfaces in the same zone is always blocked.

D.
Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair.

Explanation:
BD
For interfaces that are members of the same zone, all traffic is permitted by default.
Source: Cisco Official Certification Guide, Zones and Why We Need Pairs of Them, p.380