Which three of these statements about a zone-based policy firewall are correct? (Choose three)

A.
An interface can be assigned to only one security zone.

B.
Traffic cannot flow between a zone member interface and any interface that is not a zone member.

C.
By default, all traffic to and from an interface that belongs to a security zone is dropped unless explicitly allowed in the zone-pair policy.

D.
In order to pass traffic between two interfaces that belong to the same security zone, you must configure a pass action using class-default

E.
Firewall policies, such as the pass, inspect, and drop actions, can only be applied between two zones.