What is the status of OS Identification?
A.
It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting.
B.
OS mapping information will not be used for Risk Rating calculations.
C.
It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
D.
It is enabled for passive OS fingerprinting for all networks.
Explanation:
http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/ime/ime_event_action_rules.html#wp2119120
Understanding Passive OS Fingerprinting
Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type.
The sensor then uses the OS of the target host to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or the sensor may filter the alert for the attack.
You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode).
Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert.
Passive OS fingerprinting consists of three components:
· Passive OS learning
Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor makes a determination of the OS running on the host of the source IP address.
· User-configurable OS identification
You can configure OS host mappings, which take precedence over learned OS mappings.
· Computation of attack relevance rating and risk rating
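The three components above can be sketched together as a small model. This is an added example, not Cisco's code: the signature table holds constructed, simplified TTL and window-size values, and the `OsMap` class and its method names are hypothetical.

```python
import ipaddress

# Constructed, simplified heuristics: (initial TTL, TCP window size) -> OS guess.
# A real sensor uses a far larger signature set; these values are illustrative.
SYN_SIGNATURES = {
    (64, 5840): "linux",
    (128, 65535): "windows",
    (255, 4128): "ios",
}

def initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial TTL."""
    for base in (64, 128, 255):
        if observed_ttl <= base:
            return base
    return None

class OsMap:
    def __init__(self):
        self.configured = []   # (ip_network, os) pairs set by the operator
        self.learned = {}      # ip string -> os inferred from observed traffic

    def configure(self, cidr, os_name):
        self.configured.append((ipaddress.ip_network(cidr), os_name))

    def learn(self, src_ip, ttl, window):
        """Passive learning: classify the sender of a SYN or SYN-ACK."""
        os_name = SYN_SIGNATURES.get((initial_ttl(ttl), window))
        if os_name:
            self.learned[src_ip] = os_name
        return os_name

    def lookup(self, ip):
        """Configured mappings take precedence over learned ones."""
        addr = ipaddress.ip_address(ip)
        for net, os_name in self.configured:
            if addr in net:
                return os_name, "configured"
        if ip in self.learned:
            return self.learned[ip], "learned"
        return None, "unknown"

    def relevance(self, target_ip, vulnerable_os):
        """Compare the target's OS with the set of OSes an attack applies to."""
        os_name, source = self.lookup(target_ip)
        if os_name is None:
            return "unknown", source
        verdict = "relevant" if os_name in vulnerable_os else "not relevant"
        return verdict, source
```

The returned pair mirrors what the alert reports: the relevance to the victim OS and the source of the OS identification.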