IBM Security QRadar SIEM V7.4.3 Administration — Question 43
Consider this scenario and instruction.
Vulnerability assessment products launch attacks that can result in offense creation. To avoid this behavior and define vulnerability assessment products or any server that you want to ignore as a source, edit the “and when the source IP is one of the following” test to include the IP addresses of the following scanners.
- VA Scanners
- Authorized Scanners
What type of editable building block is described?
Answer options
- A. BB:HostDefinition: Authorized Scanners Source IP
- B. BB:HostDefinition: VA Scanner Source IP
- C. BB:NetworkDefinition: Server Networks
- D. BB:HostDefinition: Proxy Servers
Correct answer: B
Explanation
The correct answer is B, as it specifically refers to the editable building block that defines the source IP for VA scanners, which is needed to exclude them from triggering offenses. Option A refers to authorized scanners, which are not the focus of this context, while options C and D pertain to network definitions and proxy servers, which do not apply to the vulnerability assessment process.