PrepAway - Latest Free Exam Questions & Answers

What can be determined about this Cisco IOS zone based firewall policy?

Refer to the exhibit.

Based on the show policy-map type inspect zone-pair session command output shown, what can
be determined about this Cisco IOS zone based firewall policy?


A. All packets will be dropped since the class-default traffic class is matching all traffic.

B. This is an inbound policy (applied to traffic sourced from the less secured zone destined to the
more secured zone).

C. This is an outbound policy (applied to traffic sourced from the more secured zone destined to
the less secured zone).

D. Stateful packet inspection will be applied only to HTTP packets that also match ACL 110.

E. All non-HTTP traffic will be permitted to pass as long as it matches ACL 110.

F. All non-HTTP traffic will be inspected.

Explanation:
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m1.html
match access-group
To configure the match criteria for a class map on the basis of the specified access control list
(ACL), use the match access-group command in class-map configuration mode. To remove ACL
match criteria from a class map, use the no form of this command.
match access-group {access-group | name access-group-name}
no match access-group access-group
match protocol
To configure the match criterion for a class map on the basis of a specified protocol, use the
match protocol command in class-map configuration mode. To remove the protocol-based match
criterion from the class map, use the no form of this command.
match protocol protocol-name
no match protocol protocol-name
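
The two match commands quoted above, used together in a zone-based firewall class map. This is an added example, not the exhibit from the question and not text from the Cisco command reference. The class-map, policy-map and zone names and the ACL 110 entry are constructed for illustration.

```cisco
! Constructed example: all names and the ACL entry are assumptions.
access-list 110 permit ip 192.0.2.0 0.0.0.255 any
!
! match-all: a packet must be HTTP AND be permitted by ACL 110
! to fall into this class.
class-map type inspect match-all HTTP-AND-ACL110
 match protocol http
 match access-group 110
!
! match-any: a packet that is HTTP OR is permitted by ACL 110
! falls into this class, so non-HTTP traffic from 192.0.2.0/24
! would be classified here as well.
class-map type inspect match-any HTTP-OR-ACL110
 match protocol http
 match access-group 110
!
! Only the match-all class is referenced by the policy. Traffic that
! fails either match statement falls through to class-default.
policy-map type inspect EXAMPLE-PMAP
 class type inspect HTTP-AND-ACL110
  inspect
 class class-default
  drop
!
! The policy is unidirectional: it applies to traffic sourced from
! ZONE-A and destined to ZONE-B.
zone security ZONE-A
zone security ZONE-B
zone-pair security A-TO-B source ZONE-A destination ZONE-B
 service-policy type inspect EXAMPLE-PMAP
```

The match-all or match-any keyword on the class-map line decides whether the ACL narrows the protocol match or widens it, so it is the first thing to check when reading a policy that lists both commands under one class.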

