An administrator needs to create a Security policy rule that matches DNS traffic sourced from either the LAN or VPN zones, destined for the DMZ or Untrust zones.
The administrator does not want to match traffic where the source and destination zones are LAN, and also does not want to match traffic where the source and destination zones are VPN.
Which Security policy rule type should they use?
b
in other words the admin doesn't want to match intrazone traffic it is clearly an interzone traffic as the universal means the whole thing. A is the correct answer.