Which statement about Cisco IOS IPS on Cisco IOS Release 12.4(11)T and later is true?

A.
uses Cisco IPS 5.x signature format

B.
requires the Basic or Advanced Signature Definition File

C.
supports both inline and promiscuous mode

D.
requires IEV for monitoring Cisco IPS alerts

E.
uses the built-in signatures that come with the Cisco IOS image as backup

F.
supports SDEE, SYSLOG, and SNMP for sending Cisco IPS alerts

Explanation:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_ios_ips/configuration/12-4t/sec-ips5-sigfsue.html
Signature Categories
Cisco IPS appliances and Cisco IOS IPS with Cisco 5.x format signatures operate with signature
categories.
All signatures are pregrouped into categories; the categories are hierarchical. An individual
signature can belong to more than one category. Top-level categories help to define general types
of signatures.
Subcategories exist beneath each top-level signature category. (For a list of supported top-level
categories, use your router CLI help (?).)
Router Configuration Files and Signature Event Action Processor (SEAP)
As of Cisco IOS Release 12.4(11)T, SDFs are no longer used by Cisco IOS IPS. Instead, routers
access signature definition information through a directory that contains three configuration files–

the default configuration, the delta configuration, and the SEAP configuration. Cisco IOS accesses
this directory through the ip ips config location command.