Penetration tools may alert if IIS server is accepting requests with HTTP OPTIONS method. This is because the response to these requests may reveal what other methods are supported by the web server.
IIS vulnerability
Vulnerability “Remove the default page or stop/disable the IIS server”
Penetration tools may raise an alarm if the default IIS page is still available in your server. This page comes by default when you install Web Server role.