Scenarios where Service Policy should be used over iRule and Vice versa

This largely comes down to what you're used to.
Some people prefer using Policies for straightforward logic, turning to iRules only when more complex behavior is required.
Others, however, will use iRules regardless of the situation.

Policies are generally easier to configure and maintain, especially for those with less experience—which can be a key factor in long-term maintainability.
On the other hand, iRules offer nearly limitless flexibility, making them ideal for advanced use cases.

Got it but if we have configured multiple service policy rules which one takes precedence. In irules lower priority takes precedence but I want to know the execution order of service policies

Injeyan one more question can you please assist with the request evaluation process how does big ip enforce its security modules when a request comes to it if both ltm and asm all modules are implemented i mean complete security check like Distributed Cloud has mentioned in the attached snapshot

It is written ASM DDoS is going to be executed first then Bot Defense and after that ASM Policy.

With respect to LTM and ASM like we have service polices, irules etc etc

Is it the order would be like ASM DDos > Bot Defense > Service Policies > Irule (if configured) > then rest of the settings configured at layer 7 security in ASM