SCAN_RSP and SCAN_REQ

Scan Request causes (if detected by target Broadcaster) issuing of Scan Response (if Broadcaster is scannable) which are kind of "another advertising data string" (but that comes only "on request" not with every adv. packet). You can imagine it as kind of power-efficient way how BLE specification since v4.0 extended 31 bytes o Adv. Data space to 2x31 bytes (second field comes only if some Scanner shows interest so it should not hold essential or fast changing information).

I met UUID broadcast in the broadcast data packet, but also encountered UUID sent in the scan response, this is configured in the slave or random?

Both Adv. data and Scan Response are (almost) freely formatted and controlled by "Slave" device as you say (GAP Peripheral/Broadcaster to be more precise). Beside of few rules set by BT SIG specification (like that information should be formatted into GAP AD Length-Tag-Value objects - if your device is GAP compliant - and that FLags AD element is mandatory in Adv. data - again to be GAP compliant) the device can put UUID AD element (any of them) to one or other or both. Also the data aren't necessary static so device can alter them for every advertising interval or Scan Response packet if it wants.