Firewall Policy

Hi, I am an undergraduate student. I have a project related to firewall policy. Although I have got some material, I require some more references regarding the following topics. Any help would be appreciated. (1) What will be the size of the firewall policy for an enterprise network? (2) What rules in general are contained in the rule set, i.e., accept or deny? (3) What are the rules which are at the top of the rule set and which ones are at the end of the rule set? (4) And why do the rules at the bottom of the ruleset have lower priority than the rules at the top of the ruleset?

Yaseen

Reply to
mhyasseen

This question doesn't make any sense. What do you mean by "size of the firewall policy"?

Both.

That entirely depends on your particular requirements. Firewalls don't come as "one size fits all" solutions.

Because the rules on top match first (normally, that is).

Read a good book on firewalls (e.g. [1]), and make sure you have at least a basic understanding of networking before you do.

[1]
formatting link
cu 59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Depends on the needs of the specific enterprise. Can be anywhere from 1 or 2 rules to hundreds of rules, and a couple of firewalls with different rules each.

A sensible decision would be to deny any communication which is not explicitly allowed and wanted.

You are implying a precedence in ordering the rules, which might not be present in all firewalls.

Many firewalls only process the rules top to bottom until they find a match and then stop processing.

Again, this might not be true for all firewalls.

I personally like: ISBN-13: 978-0201634662 as an introductory book.

Cheers, Jens

Reply to
Jens Hoffmann

Although usually, the lowest rule of the ruleset will be "Reject all".

Juergen Nieveler

Reply to
Juergen Nieveler

The hard part of the answer will be answering this in a way that doesn't suggest too strongly that your teacher is an idiot for asking such an inane question.

It varies quite a bit. Not all firewalls deal with rules the same way. Enterprises vary greatly in their fw complexity dependent upon whether they're hosting their own internet services, how many locations they have, whether they're dealing with partner extranets, and such.

Fall through of deny any any is a best practice as a default. Aside from that, if there's a web server, accepting traffic to tcp/80 and tcp/443 on it is pretty common. Other than that, it varies by the company's VPN solution if any, if they're exchanging data with partners, if they have an ftp server, etc etc

See 1.

Reply to
Todd H.

will be

Best HAVE TO BE "Reject all".

Reply to
jc
