How would the Administrator complete this task?

An Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to exclude the mail servers from a custom rule.
How would the Administrator complete this task?
A. Create a building block that includes the IP addresses of all mail servers, and use that building block in the custom rule to exclude those hosts.
B. Create several rules excluding each mail server. Place these rules with the custom rule in a master rule, making sure the custom rule is last in the sequence.
C. Create a custom rule. In the "Rule Response" section of the Rule Wizard, select the Trigger Scan option. Add the mail server IP addresses to the table and select exclude.
D. Create the custom rule. Create a Custom Action from the Admin Tab to exclude the mail servers' IP addresses. In the "Rule Response" section of the Rule Wizard, select the Execute Custom Action option, selecting the appropriate Custom Action.
