What is the only permitted operation for processing multicast traffic on zone-based firewalls?
A.
Only control plane policing can protect the control plane against multicast traffic.
B.
Stateful inspection of multicast traffic is supported only for the self-zone.
C.
Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone.
D.
Stateful inspection of multicast traffic is supported only for the internal zone.
Explanation:
Explanation/Reference:BD
Neither Cisco IOS ZFW or Classic Firewall include stateful inspection support for multicast traffic.
So the only choice is A.
Source: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
A is the correct answer. The link below says:
Stateful inspection support for multicast traffic is not supported between any zones, including the self zone. Use Control Plane Policing for the protection of the control plane against multicast traffic.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/15-mt/sec-data-zbf-15-mt-book/sec-zone-pol-fw.html