Exam JN0-231
Question 32

You are creating IPsec connections.

In this scenario, which two statements are correct about proxy IDs? (Choose two.)

    Correct Answer: A, C

    Proxy IDs are used to configure traffic selectors. Proxy IDs must match for Phase 2 session establishment. Traffic selectors define the flows allowed through the VPN tunnel and must be agreed upon by both endpoints for the tunnel to operate correctly. A mismatch in Proxy IDs will result in failure to establish a Phase 2 session.

Discussion
achon Options: CD

https://supportportal.juniper.net/s/article/SRX-Understanding-how-proxy-IDs-are-generated-in-route-based-and-policy-based-VPNs?language=en_US

OJ1

CD are the best answers

westh4m1234

This question is doing my head in - it's not clear if they are asking about route-based or policy-based, because for route-based the answer would be A+D; however, for policy-based it would be C+D.

westh4m1234 Options: AB

Sorry, meant to say A+B are correct for policy-based VPN.

westh4m1234 Options: AD

After having a good read, check the statement below; I think it's A+D as the answer. Proxy ID generation for ROUTE-BASED VPNs can be defined explicitly. If it is not defined, a default proxy ID of 0.0.0.0 will be used. If no traffic selectors are configured at all, then the default proxy ID will be used and must match both peers. Proxy ID generation for POLICY-BASED VPNs is based on the security policy that is bound to the VPN, and cannot be overwritten with the proxy-identity command under the set security ipsec vpn <vpn> ike proxy-identity stanza.

westh4m1234 Options: CD

CD - Proxy IDs are a validated item during VPN tunnel establishment, with the proxy IDs of the VPN peers needing to be an inverse match of one another:

    SRX                            PEER
    Local  192.168.1.0/24   \ /   Local  10.10.10.5/32
    Remote 10.10.10.5/32    / \   Remote 192.168.1.0/24

Proxy ID generation for route-based VPNs can be defined explicitly. If it is not defined, a default proxy ID of 0.0.0.0 will be used. If no traffic selectors are configured at all, then the default proxy ID will be used and must match both peers.
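
The inverse-match rule quoted in the comment above, as an added example that is not part of the original thread or of Junos itself: a small Python check that compares two gateways' proxy IDs and reports which side disagrees. The names `proxy_id` and `inverse_mismatches` are hypothetical, and an unset proxy ID is assumed to default to 0.0.0.0/0 on both sides.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
DEFAULT = "0.0.0.0/0"  # assumed default when no proxy ID is configured


class ProxyID(NamedTuple):
    local: Net
    remote: Net


def proxy_id(local: Optional[str] = None, remote: Optional[str] = None) -> ProxyID:
    """Parse one gateway's proxy ID; an unset side falls back to DEFAULT.

    strict=True rejects prefixes with host bits set (e.g. 192.168.1.5/24),
    a common typo that would otherwise hide a mismatch.
    """
    return ProxyID(
        ipaddress.ip_network(local or DEFAULT, strict=True),
        ipaddress.ip_network(remote or DEFAULT, strict=True),
    )


def _diff(side_a: str, a: Net, side_b: str, b: Net) -> Optional[str]:
    """Describe a mismatch between two prefixes, or return None if identical."""
    if a == b:
        return None
    # A covering prefix is still a mismatch: the selectors must be identical.
    overlap = a.version == b.version and (a.subnet_of(b) or b.subnet_of(a))
    hint = " (overlapping, but not identical)" if overlap else ""
    return f"{side_a} {a} != {side_b} {b}{hint}"


def inverse_mismatches(gw: ProxyID, peer: ProxyID) -> List[str]:
    """Empty list means the two proxy IDs are an inverse match."""
    checks = (
        _diff("gw local", gw.local, "peer remote", peer.remote),
        _diff("gw remote", gw.remote, "peer local", peer.local),
    )
    return [c for c in checks if c]


if __name__ == "__main__":
    # Values from the diagram quoted in the discussion.
    srx = proxy_id("192.168.1.0/24", "10.10.10.5/32")
    peer = proxy_id("10.10.10.5/32", "192.168.1.0/24")
    print(inverse_mismatches(srx, peer))        # matching pair
    print(inverse_mismatches(srx, proxy_id()))  # explicit vs default proxy ID
```
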

westh4m1234 Options: CD

C+D - I agree with 66dc178. When no proxy-identity is defined, the system uses a default proxy-identity, which is 0.0.0.0.

66dc178 Options: CD

In the absence of specific proxy ID configurations in policy-based VPNs, the default traffic selectors are considered to be 0.0.0.0/0, indicating that all traffic is eligible for the VPN tunnel, subject to the policy definitions. This default setting facilitates the tunneling of all traffic as per the defined policies unless more specific traffic selectors are configured.