Visit here for our full ServiceNow CSA exam dumps and practice test questions.
Question 121:
An administrator needs to ensure that when a user submits a request, a specific approval rule is triggered based on the requested item’s price. Which feature should be configured?
A) Workflow conditions
B) Approval policies
C) Business rules
D) Client scripts
Answer: B
The correct answer is option B. Approval policies provide the framework for defining conditional approval requirements based on field values such as price, category, or requestor information. Approval policies allow administrators to create sophisticated approval routing logic that automatically triggers appropriate approval workflows when specified conditions are met.
When configuring approval policies, you define conditions such as price thresholds, department assignments, risk levels, or other business criteria that determine when approvals are required and who must approve. For price-based approvals, you might create policies stating requests under $1000 require manager approval, requests from $1000 to $5000 require department head approval, and requests exceeding $5000 require executive approval. Approval policies support multiple approvers, approval groups, conditional logic with AND/OR operators, approval order specifications (sequential or parallel), and timeout escalations for overdue approvals. The system evaluates policies when requests are submitted, automatically generating approval records for matching conditions. Approval policies integrate with workflow activities, allowing complex approval processes including pre-approval validations, notification to stakeholders, and post-approval processing. Organizations benefit from centralized approval logic that’s easy to maintain, audit trails showing which policies triggered approvals, and flexibility to adjust approval requirements without modifying underlying workflows. Properly configured approval policies ensure consistent governance, compliance with financial controls, and appropriate oversight based on risk and value.
Option A is incorrect because workflow conditions control the execution flow within workflows based on logic evaluations, but approval policies provide the specific framework for approval routing. While workflows can include approval activities, approval policies are the dedicated mechanism for conditional approval logic.
Option C is incorrect because business rules execute server-side logic when records are created, updated, or deleted, but they’re designed for data manipulation and automation rather than approval routing. Business rules could theoretically implement approval logic but lack the specialized features approval policies provide.
Option D is incorrect because client scripts execute in the user’s browser providing form validation and user interface behavior, but they operate client-side and aren’t designed for server-side approval routing. Client scripts enhance user experience but don’t implement approval workflows.
Question 122:
A system administrator needs to prevent users from deleting incident records once they reach the “Resolved” state. What is the BEST way to implement this control?
A) UI Policy
B) Access Control Rule (ACL)
C) Business Rule
D) Data Policy
Answer: B
The correct answer is option B. Access Control Rules (ACLs) are the security mechanism that controls access to records, fields, and operations in ServiceNow, including the ability to delete records based on conditions such as record state. ACLs provide robust security enforcement that cannot be bypassed through the UI or API.
To prevent deletion of resolved incidents, you create an ACL on the incident table for the “delete” operation with conditions checking the state field. The ACL would allow deletion only when the state is not “Resolved” or “Closed,” effectively blocking delete operations for records in those states. ACLs evaluate during every access attempt regardless of how users interact with the system – through the standard UI, mobile apps, web services, or integrations. The security framework ensures that even users with normally sufficient permissions cannot delete resolved incidents. ACL configuration includes specifying the table, operation (create, read, write, delete), conditions for when access is granted, roles required for access, and script-based logic for complex authorization decisions. Best practices include testing ACLs thoroughly in development environments, documenting security requirements driving ACL decisions, regular ACL reviews ensuring policies remain appropriate, and balancing security with operational efficiency. ACLs represent the foundational security layer in ServiceNow, and proper implementation is critical for data integrity, compliance, and audit requirements. Organizations typically implement ACLs restricting deletion of closed or historical records to prevent data loss and maintain audit trails.
Option A is incorrect because UI Policies control field visibility, mandatory status, and read-only state on forms, but they only affect the user interface and can be bypassed through APIs or direct database access. UI Policies don’t enforce security and aren’t suitable for preventing deletion.
Option C is incorrect because Business Rules execute server-side logic during record operations but are designed for automation and data manipulation, not security enforcement. While business rules could abort deletion, ACLs are the proper security mechanism for access control.
Option D is incorrect because Data Policies enforce data quality by making fields mandatory or read-only but operate at the UI level similar to UI Policies. Data Policies don’t control record deletion and don’t provide security enforcement against determined users or API access.
Question 123:
An organization wants to automatically assign incoming incidents to the appropriate support group based on the configuration item affected. Which feature should be configured?
A) Assignment rules
B) Business rules
C) Workflows
D) Service catalog
Answer: A
The correct answer is option A. Assignment rules provide automated assignment logic for routing work items to appropriate groups or individuals based on specified conditions including configuration item relationships, category selections, or other field values. Assignment rules eliminate manual assignment, ensure consistent routing, and accelerate response times.
When configuring assignment rules for CI-based routing, you create rules that match configuration items or CI categories to support groups with appropriate expertise. For example, incidents affecting Windows servers route to the Windows support team, incidents affecting network switches route to the network team, and incidents affecting SAP systems route to the SAP support team. Assignment rules support conditional logic with multiple criteria, priority ordering when multiple rules might match, fallback assignment when no rules match, and table-specific rules for different work item types. The system evaluates assignment rules when records are created or updated, automatically populating the assignment group field based on matching conditions. Advanced implementations might chain assignment rules with business rules for complex routing logic, integrate with skills-based routing for individual assignment, incorporate time zone considerations for follow-the-sun support, and include escalation rules for unassigned items. Assignment rules improve operational efficiency by reducing manual assignment overhead, ensure expertise matching by routing work to qualified teams, provide consistent customer experience through predictable routing, and enable better workload distribution across support teams.
Option B is incorrect because while business rules can implement assignment logic through scripting, assignment rules are the purpose-built feature for automated assignment providing easier configuration, better maintainability, and specialized capabilities for assignment scenarios without requiring scripting.
Option C is incorrect because workflows orchestrate complex multi-step processes but are more heavyweight than necessary for simple assignment logic. While workflows can include assignment activities, assignment rules provide simpler implementation for straightforward routing requirements.
Option D is incorrect because service catalog manages service offerings and request fulfillment but doesn’t handle incident assignment routing. Catalog items can specify default assignment groups, but this doesn’t provide dynamic CI-based assignment for incidents.
Question 124:
A system administrator needs to send automatic notifications to users when their requested items are approved. Where should this be configured?
A) Notification rules
B) Workflows
C) Business rules
D) Email templates
Answer: A
The correct answer is option A. Notification rules define when and to whom the system sends email or SMS notifications based on specified conditions and events. Notification rules provide centralized notification management with flexible triggering conditions, recipient targeting, and message customization for various business scenarios.
To configure approval notifications, you create notification rules that trigger when approval records reach the “approved” state. The notification specifies recipients such as the requestor, watchers, or specific groups, references email templates defining message content and formatting, includes conditions determining when notifications send, and defines timing for immediate or scheduled delivery. Notification rules support multiple triggering events including record insertion, updates, deletions, or specific field changes, dynamic recipient calculation based on record relationships or queries, conditions using complex logic evaluating multiple fields, and throttling to prevent notification flooding. ServiceNow provides numerous pre-configured notification rules for common scenarios that can be customized to match organizational requirements. Organizations should design notification strategies balancing information needs with notification overload, ensure notifications contain actionable information with links to relevant records, use clear subject lines and message content, and regularly review notifications ensuring they remain relevant. Effective notification management improves communication, reduces manual follow-up, accelerates processes through timely information delivery, and enhances user satisfaction through transparency about request status.
Option B is incorrect because while workflows can include notification activities at specific workflow stages, notification rules provide more flexible and centralized notification management without requiring workflow modification. Notifications rules are easier to maintain and modify than embedded workflow notifications.
Option C is incorrect because business rules execute server-side logic during record operations and could send notifications through scripting, but notification rules are the purpose-built feature for notifications providing better manageability, audit trails, and configuration simplicity without requiring custom scripting.
Option D is incorrect because email templates define message formatting and content but don’t trigger notifications. Templates are components used by notification rules but don’t independently generate or send notifications. Notification rules reference templates when sending messages.
Question 125:
An administrator wants to ensure that users cannot submit a request form until all mandatory fields are completed. What should be configured?
A) UI Policy
B) Client Script
C) Data Policy
D) Business Rule
Answer: C
The correct answer is option C. Data Policies enforce mandatory field requirements and read-only restrictions at the UI layer while providing enforcement across all interfaces including mobile, service portal, and standard UI. Data policies ensure data quality by preventing form submission when mandatory conditions aren’t met.
When configuring data policies for mandatory fields, you specify which table the policy applies to, conditions determining when the policy is active (such as specific user roles or field values), which fields become mandatory, and whether fields should be read-only. Data policies support conditional mandatory logic where fields become required based on other field values, providing flexible enforcement matching business requirements. For example, when users select a specific category, additional related fields might become mandatory. Data policies evaluate before form submission, preventing saves when requirements aren’t met and displaying clear error messages to users. Unlike UI policies which only affect standard UI, data policies enforce requirements across all user interfaces including Service Portal and mobile applications, providing consistent data quality regardless of access method. Organizations should design data policies reflecting business requirements for data completeness, provide clear field labels and help text guiding users, avoid excessive mandatory fields that frustrate users, and regularly review policies ensuring they remain appropriate. Effective data policies improve data quality, support downstream processes relying on complete data, reduce processing errors from incomplete information, and enhance reporting accuracy.
Option A is incorrect because UI Policies affect standard UI only and don’t enforce requirements in Service Portal or mobile interfaces. UI Policies can make fields mandatory visually but lack the enforcement capability across all interfaces that data policies provide.
Option B is incorrect because client scripts execute in the browser and could implement field validation, but they’re vulnerable to bypass and don’t provide consistent enforcement across all access methods. Client scripts are appropriate for user experience enhancement but not data quality enforcement.
Option D is incorrect because business rules execute server-side and could validate data, but they trigger during record operations rather than preventing form submission. Business rules identify problems after submission attempts rather than blocking invalid submissions proactively.
Question 126:
A system administrator needs to automatically create a change request whenever a high-priority incident is reported. What feature should be used?
A) Business Rule
B) Workflow
C) Record Producer
D) Flow Designer
Answer: D
The correct answer is option D. Flow Designer is ServiceNow’s modern automation platform for creating automated processes (flows) that respond to events, perform actions across multiple applications, and orchestrate complex multi-step operations. Flow Designer provides visual, no-code automation capabilities ideal for cross-application automation like creating change requests from incidents.
To automate change request creation from high-priority incidents, you create a flow triggered when incident records are created or updated with high priority. The flow includes actions that retrieve incident details, create a change request record with appropriate fields populated from the incident, establish relationships between the incident and change request, and notify relevant stakeholders. Flow Designer provides intuitive visual design with drag-and-drop actions, reusable subflows encapsulating common operations, robust error handling and retry logic, extensive action catalog for interacting with ServiceNow tables and external systems, and testing capabilities validating flows before production deployment. Compared to workflows, Flow Designer offers better performance, simpler maintenance, natural language descriptions improving readability, and seamless integration with IntegrationHub for external system connectivity. Organizations leverage Flow Designer for incident-to-change automation, request fulfillment orchestration, automated notifications and reminders, data synchronization between systems, and approval routing. Flow Designer represents ServiceNow’s strategic direction for automation, and new automation should be built using flows rather than legacy workflows.
Option A is incorrect because while business rules can create related records, they execute synchronously during record operations potentially impacting user experience, lack the sophisticated orchestration capabilities flows provide, and are more difficult to maintain than visual flows for complex multi-step processes.
Option B is incorrect because workflows can implement this automation but are legacy technology that ServiceNow is deprecating in favor of Flow Designer. Workflows are more complex to build and maintain, offer inferior performance, and lack modern capabilities that Flow Designer provides.
Option C is incorrect because record producers are service catalog items that create records based on user input but don’t provide automated background processing. Record producers require user interaction rather than responding automatically to system events.
Question 127:
An organization wants to track which users have accessed specific incident records for audit purposes. Which feature should be enabled?
A) Audit logging
B) Table rotation
C) Dictionary overrides
D) Field-level encryption
Answer: A
The correct answer is option A. Audit logging, also called table auditing, tracks changes to records including field modifications, record creation and deletion, and can be configured to track record access (reads). Audit logging provides comprehensive audit trails supporting compliance requirements, security investigations, and operational troubleshooting.
To enable audit logging for incident access tracking, you activate auditing on the incident table through table configuration settings, specify which fields to audit (or all fields), enable read auditing if access tracking is required beyond change tracking, and configure audit data retention policies balancing compliance needs with database performance. Audit logs capture who made changes, what changes were made (old and new values), when changes occurred, and how access occurred (UI, API, integration). ServiceNow stores audit data in dedicated audit tables optimized for append operations and historical data retention. Audit log reports show change history, access patterns, data modification trends, and support forensic investigations during security incidents. Organizations should audit sensitive tables containing personal information, financial data, or confidential business information, limit read auditing to only necessary tables due to performance impacts, establish audit log retention policies matching legal and compliance requirements, and regularly review audit data for anomalous patterns. Effective audit logging supports regulatory compliance (SOX, HIPAA, GDPR), provides non-repudiation for changes, enables root cause analysis during incidents, and deters inappropriate access through accountability.
Option B is incorrect because table rotation archives old records to separate tables improving performance on active tables but doesn’t track record access. Table rotation is a data management strategy rather than an auditing mechanism.
Option C is incorrect because dictionary overrides customize table and field properties in specific scopes but don’t provide auditing capabilities. Dictionary configuration affects data schema rather than tracking access or modifications.
Option D is incorrect because field-level encryption protects sensitive data by encrypting field contents but doesn’t track who accessed encrypted data. Encryption provides confidentiality while audit logging provides accountability through access tracking.
Question 128:
A system administrator needs to allow users to request catalog items only during business hours. What is the BEST way to implement this?
A) Catalog UI Policy
B) Business Rule
C) Schedule-based ACL
D) Client Script
Answer: C
The correct answer is option C. Schedule-based Access Control Rules (ACLs) allow administrators to define security permissions that vary based on time schedules, enabling access restrictions during specific time periods. Schedule-based ACLs provide robust security enforcement preventing access outside approved hours regardless of how users attempt to access the system.
To implement business hours restrictions for catalog item requests, you create an ACL on the catalog item or requested item table for the “create” operation, define a schedule specifying business hours (such as Monday-Friday 8 AM to 6 PM), and configure the ACL to grant access only during the defined schedule. When users attempt to request items outside business hours, the ACL evaluation fails and ServiceNow blocks the operation, displaying an appropriate error message. Schedule-based ACLs support multiple schedules for different time zones or business units, holiday calendars excluding specific dates, override capabilities for emergency access, and integration with user group membership for selective enforcement. Organizations use schedule-based ACLs for limiting non-business hour access to sensitive operations, enforcing maintenance windows by blocking access during system updates, complying with regulations restricting after-hours transactions, and reducing operational costs by consolidating support coverage. Implementation considerations include clear communication to users about access restrictions, appropriate error messages explaining unavailability, alternative processes for genuine after-hours emergencies, and time zone handling for global organizations. Schedule-based ACLs provide flexible, maintainable time-based security enforcement.
Option A is incorrect because catalog UI policies control form behavior and field properties but don’t enforce security restrictions. UI policies can hide catalog items but don’t prevent determined users from accessing items through APIs or direct links.
Option B is incorrect because business rules execute during record operations and could abort creates outside business hours, but ACLs are the proper security mechanism for access control. Business rules also can’t prevent initial form access like ACLs can.
Option D is incorrect because client scripts execute in the browser and can provide user feedback about restrictions but don’t enforce security. Client-side restrictions are easily bypassed and don’t provide reliable access control for security requirements.
Question 129:
An administrator needs to create a custom report showing the average resolution time for incidents by category. Which reporting tool provides the BEST solution?
A) Performance Analytics
B) Report Designer
C) Dashboard
D) List view
Answer: B
The correct answer is option B. Report Designer is ServiceNow’s primary tool for creating custom reports with various visualization types including bar charts, pie charts, line graphs, and tables. Report Designer provides flexible report configuration for analyzing data with calculations, grouping, and filtering capabilities.
To create an average resolution time report by category, you use Report Designer to create a new report on the incident table, group results by the category field, add a metric calculating average resolution time (typically using date/time fields like opened and resolved), select appropriate chart types visualizing the data, and configure filters limiting data to relevant time periods or other criteria. Report Designer supports multiple types including bar, line, pie, column, area, semi-donut, histogram, pivot tables, and dial gauges. Reports can include calculated fields, dynamic filters allowing users to adjust parameters, drill-down capabilities for detailed analysis, and scheduling for automatic generation and distribution. Reports are saved as records that can be shared with users, added to dashboards for consolidated views, exported to various formats (PDF, Excel, CSV), and used in homepages for personalized user displays. Organizations leverage Report Designer for operational reporting showing key metrics and trends, performance monitoring tracking SLA compliance and team productivity, management dashboards providing executive visibility, and ad-hoc analysis supporting decision-making. Effective reports balance detail with clarity, use appropriate visualizations for data types, update at frequencies matching business needs, and target audiences needing information.
Option A is incorrect because Performance Analytics is an advanced reporting tool focusing on indicator tracking over time, trending analysis, and predictive analytics. While PA can calculate averages, it’s more complex than necessary for basic average calculations and is typically used for strategic performance management rather than operational reporting.
Option C is incorrect because dashboards display multiple reports and widgets in consolidated views but don’t create individual reports. Dashboards consume reports created in Report Designer rather than replacing report creation functionality.
Option D is incorrect because list views display records in tabular format with basic filtering and sorting but don’t provide graphical visualizations or calculations like averages. List views are for record management rather than analytical reporting.
Question 130:
A system administrator needs to prevent users from saving incident records without providing a description. What is the MOST effective method?
A) Data Policy
B) UI Policy
C) Business Rule
D) Client Script
Answer: A
The correct answer is option A. Data Policies enforce mandatory field requirements across all user interfaces including standard UI, Service Portal, and mobile applications, providing comprehensive data quality enforcement. Data policies prevent record saves when required fields are empty, ensuring data completeness regardless of access method.
To enforce mandatory description requirements, you create a data policy on the incident table specifying that the description field is mandatory, optionally adding conditions determining when the requirement applies (such as specific incident types or priorities), and configuring appropriate error messages guiding users to complete required information. Data policies evaluate during form submission before records are saved, blocking incomplete submissions and highlighting missing fields. Unlike UI-only controls, data policies provide security-level enforcement that cannot be bypassed through APIs, web services, or other programmatic access methods. Data policies support conditional mandatory logic where requirements vary based on other field values or user roles, cascading requirements where one mandatory field triggers others, and read-only enforcement preventing field modification. Organizations should use data policies judiciously to balance data quality needs with user experience, provide clear field labels and help text, avoid making too many fields mandatory, and regularly review policies ensuring they remain appropriate. Effective data policies improve data completeness for downstream processes, reduce rework from incomplete submissions, support accurate reporting and analytics, and ensure compliance with data governance requirements.
Option B is incorrect because UI Policies only enforce requirements in the standard UI and don’t protect against API access, web service submissions, or other programmatic record creation. UI Policies are easily bypassed by users with technical knowledge.
Option C is incorrect because business rules execute during record operations and could validate descriptions, but they trigger after submission attempts rather than preventing invalid submissions proactively. Business rules are better for complex validation logic than basic mandatory field enforcement.
Option D is incorrect because client scripts execute in the browser and can display warnings about missing descriptions, but they don’t enforce requirements server-side and can be bypassed. Client scripts enhance user experience but don’t provide reliable data quality enforcement.
Question 131:
An organization wants to automatically escalate incidents that have been open for more than 24 hours without any updates. Which feature should be configured?
A) SLA Definition
B) Business Rule
C) Escalation Policy
D) Schedule Job
Answer: A
The correct answer is option A. SLA (Service Level Agreement) Definitions provide comprehensive service level management including time-based escalations, breach warnings, and automated actions when service level targets aren’t met. SLAs monitor elapsed time and trigger escalations based on configurable schedules and conditions.
To implement 24-hour escalation for inactive incidents, you create an SLA definition on the incident table with conditions identifying which incidents the SLA applies to, a schedule defining when time counts (business hours or 24/7), a 24-hour duration before escalation, and workflow or flow actions that execute when the SLA is breached including notification to managers, priority increases, reassignment to senior teams, or executive notifications. SLA definitions include start conditions determining when timing begins, pause conditions stopping the clock during specific states (like awaiting customer response), stop conditions ending SLA tracking, and reset conditions restarting timing after updates. The SLA engine continuously monitors active SLA instances, calculating elapsed and remaining time, displaying visual indicators (like colored percentages) on forms and lists, and triggering breach actions at defined thresholds. Organizations use SLAs for response time commitments, resolution time targets, escalation procedures, compliance with customer contracts, and operational performance management. Effective SLA implementation requires realistic time targets based on historical data, appropriate schedules reflecting business operations, clear escalation procedures, and regular review of SLA performance and attainment.
Option B is incorrect because business rules execute based on record operations (create, update) rather than time passage. While business rules can check elapsed time during updates, they don’t provide continuous time monitoring and automatic escalation like SLAs.
Option C is incorrect because escalation policies in ServiceNow typically refer to assignment group escalation logic rather than time-based escalations. While escalation concepts overlap with SLAs, SLA definitions are the proper mechanism for time-based service level management.
Option D is incorrect because scheduled jobs execute scripts at defined intervals but aren’t designed for continuous service level monitoring. While a scheduled job could check for aged incidents, SLAs provide purpose-built functionality for service level management with better performance and capabilities.
Question 132:
A system administrator needs to create a custom application that includes several related tables with specific relationships. What is the BEST approach?
A) Create an application using Application Studio
B) Manually create tables using the Tables module
C) Import tables from an update set
D) Clone existing tables and modify them
Answer: A
The correct answer is option A. Application Studio provides a guided, structured approach to creating custom applications in ServiceNow, including table creation, relationship definition, data model design, security configuration, and user interface development. Application Studio ensures applications follow best practices, maintain proper scope isolation, and integrate seamlessly with the platform.
When creating applications in Application Studio, you define application properties including name, scope, and description, use guided tours through application development steps, create tables with appropriate relationships (one-to-many, many-to-many) using visual tools, configure forms and lists with drag-and-drop designers, implement business logic through declarative tools, and define security models through role creation and ACL configuration. Application Studio generates proper application scope boundaries isolating custom development from baseline platform functionality, ensures applications are upgrade-safe preventing conflicts with platform updates, facilitates application lifecycle management including version control, and streamlines application deployment between instances. The studio includes application templates for common use cases, best practice recommendations during development, automated testing capabilities, and integration with source control systems for professional development practices. Organizations benefit from standardized application development approaches, reduced development time through guided experiences, improved application quality through built-in best practices, and easier maintenance of custom applications. Application Studio represents ServiceNow’s modern development experience, and new applications should be built using this tool.
Option B is incorrect because manually creating tables through the Tables module requires more technical knowledge, lacks guided experiences ensuring best practices, doesn’t provide structured application development workflows, and may result in tables without proper scoping or relationships.
Option C is incorrect because importing tables from update sets is a deployment mechanism rather than a development approach. Update sets transfer completed development between instances but don’t help with initial application design and creation.
Option D is incorrect because cloning existing tables might seem efficient but creates technical debt through inappropriate table inheritance, mismatched field types, unnecessary fields from source tables, and maintenance complexity from tables not purpose-built for requirements.
Question 133:
An administrator wants to prevent specific users from viewing certain fields containing sensitive personal information on user records. What should be configured?
A) Field-level ACLs
B) UI Policy
C) Data Policy
D) Read ACL on table
Answer: A
The correct answer is option A. Field-level Access Control Rules (ACLs) provide granular security controlling which users can view (read) or modify (write) specific fields on records. Field-level ACLs enable data protection strategies that hide sensitive information from users who don’t have business need to access it, supporting privacy regulations and data security requirements.
To restrict access to sensitive personal information fields, you create field-level ACLs on specific fields like social security number, date of birth, or bank account information, specifying read operation restrictions, defining which roles grant access, and optionally including script logic for complex authorization decisions based on record context or user attributes. Field-level ACLs evaluate for every field access regardless of interface (standard UI, Service Portal, mobile, API, or integrations), completely hiding restricted fields or showing empty values to unauthorized users. ACL inheritance allows creating base security rules that child tables extend or override. Organizations implement field-level ACLs for personal information requiring privacy protection (GDPR, CCPA compliance), financial data needing segregation of duties controls, confidential business information on competitive need-to-know basis, and security credentials preventing exposure. Field-level security should consider legitimate business needs ensuring authorized personnel can access required information, audit requirements tracking who accessed sensitive data, and administrative override capabilities for emergency situations. Proper field-level ACL implementation protects sensitive data, supports regulatory compliance, limits data exposure during breaches, and demonstrates data protection due diligence.
Option B is incorrect because UI Policies control field behavior in user interfaces (visibility, mandatory, read-only) but don’t enforce security. UI Policies can hide fields visually but don’t prevent determined users from accessing field values through APIs or other methods.
Option C is incorrect because Data Policies enforce data quality through mandatory and read-only requirements but don’t provide security controls preventing field access. Data Policies improve data integrity rather than protecting confidential information.
Option D is incorrect because table-level read ACLs control whether users can view entire records but don’t provide field-level granularity. Table ACLs are too coarse-grained when specific fields need protection while allowing access to other record information.
Question 134:
A system administrator needs to automate the creation of related configuration items when new users are onboarded. What is the MOST appropriate tool?
A) Flow Designer
B) Business Rule
C) Transform Map
D) Workflow
Answer: A
The correct answer is option A. Flow Designer is ServiceNow’s modern automation platform ideal for orchestrating multi-step processes including creating related records, performing lookups, integrating with external systems, and handling complex business logic. Flow Designer provides visual, maintainable automation for cross-application processes like onboarding.
To automate CI creation during user onboarding, you create a flow triggered when user records are created or activated, include actions that determine appropriate CIs based on user role or department (such as laptops, phones, software licenses), create CI records with proper attributes populated from user information, establish relationships between users and their assigned CIs, update asset management systems, and notify IT teams about provisioning requirements. Flow Designer provides reusable subflows encapsulating CI creation logic usable across multiple processes, error handling with retry logic for failed operations, decision logic branching based on conditions, parallel execution for performance optimization, and comprehensive logging for troubleshooting. Compared to business rules, flows offer better readability for complex processes, easier maintenance by non-programmers, superior error handling, and natural language descriptions improving documentation. Organizations leverage Flow Designer for onboarding and offboarding automation, request fulfillment orchestration, incident remediation workflows, and integration with external systems through IntegrationHub. Flow Designer represents ServiceNow’s strategic automation platform, and new automation development should use flows rather than legacy tools.
Option B is incorrect because business rules execute synchronously during record operations potentially impacting user experience during user creation, lack sophisticated orchestration capabilities for multi-step processes, and are more difficult to maintain than visual flows for complex automation involving multiple record types.
Option C is incorrect because transform maps process imported data by mapping source fields to target table fields during data integration but don’t provide automation triggered by record creation events. Transform maps are integration tools rather than process automation tools.
Option D is incorrect because workflows can implement this automation but represent legacy technology being deprecated in favor of Flow Designer. Workflows are more complex to build, offer inferior performance, lack modern capabilities, and aren’t recommended for new development.
Question 135:
An organization wants to track time spent by support staff working on incidents for billing purposes. Which feature should be enabled?
A) Time Cards
B) Work Notes
C) Activity Log
D) Audit Log
Answer: A
The correct answer is option A. Time Cards provide structured time tracking capabilities allowing support staff to log hours spent on tasks, incidents, or other work items. Time cards capture detailed time information supporting billing, resource planning, productivity analysis, and project accounting.
When implementing time card tracking for incidents, you enable the time card functionality on the incident table, configure time card fields capturing start time, end time, duration, and billing information, create roles and permissions determining who can create and approve time cards, and establish workflows or approvals for time card validation. Time cards support detailed information including billing rates, work descriptions, time allocation across multiple work items, and approval workflows ensuring accuracy before billing. Organizations use time cards for customer billing based on support hours, internal cost allocation across departments or projects, capacity planning using historical time data, productivity analysis comparing estimated versus actual time, and compliance with labor regulations tracking working hours. Time card implementation should integrate with billing systems for invoice generation, provide user-friendly interfaces minimizing data entry burden, include validation preventing time overlap or excessive hours, and generate reports summarizing time by various dimensions. Effective time tracking balances administrative overhead with business value, ensures accuracy through regular submission requirements, and provides visibility into how support resources are utilized.
Option B is incorrect because work notes capture text descriptions of work performed but don’t provide structured time tracking with duration, billing rates, or time allocation capabilities. Work notes document activities but aren’t designed for quantitative time and billing tracking.
Option C is incorrect because the activity log displays all updates to records in chronological order but doesn’t specifically track time spent working. Activity logs show what happened and when, but not how long work activities took.
Option D is incorrect because audit logs track field changes for security and compliance but don’t capture time spent on work activities. Audit logs provide accountability for modifications but aren’t designed for time and billing tracking.
Question 136:
A system administrator needs to configure a catalog item that allows users to select from a filtered list of available software based on their department. What should be used?
A) Variable Set with reference qualifier
B) Catalog UI Policy
C) Catalog Client Script
D) Record Producer
Answer: A
The correct answer is option A. Variable Sets contain reusable catalog variables that can be shared across multiple catalog items, and reference qualifiers filter reference field options based on conditions or scripts. Using a variable set with reference qualifiers provides maintainable, reusable configuration for department-based software filtering.
To implement department-filtered software selection, you create a variable set containing a reference variable pointing to a software table or CI table, configure a reference qualifier filtering software records based on the requestor’s department using a script or query, add the variable set to the catalog item, and optionally configure dependent variables displaying additional software-specific options. Reference qualifiers support encoded queries for simple filtering, JavaScript functions for complex logic accessing user properties or other record data, and dynamic evaluation executing when forms load or fields change. Variable sets provide reusability across multiple catalog items requiring similar information, consistent user experience through standardized variables, centralized maintenance where changes propagate to all using catalog items, and reduced development time through pre-built variable collections. Organizations create variable sets for common data collection patterns like approval workflows, asset selection, location information, and cost center assignment. Best practices include thorough testing of reference qualifiers ensuring correct filtering, performance optimization avoiding expensive queries, and clear variable labels helping users understand options.
Option B is incorrect because catalog UI policies control variable visibility, mandatory status, and read-only state but don’t filter reference field options. UI policies enhance form behavior but don’t implement the filtering logic required for department-based software selection.
Option C is incorrect because catalog client scripts could implement filtering through client-side logic but require more complex scripting than reference qualifiers, execute in the browser creating potential performance issues, and are harder to maintain than declarative reference qualifiers.
Option D is incorrect because record producers are catalog items that create records (like incidents or requests) rather than components for collecting variable information. Record producers are complete catalog items rather than configuration elements for variable filtering.
Question 137:
An administrator needs to create a workflow that requires manager approval before incidents can be closed. What should be configured?
A) Workflow with Approval activity and conditions
B) Manual email to managers for each incident
C) UI Policies requiring manager login
D) Client Scripts blocking closure
Answer: A
Explanation:
Creating a Workflow with Approval activities and conditions provides structured, automated approval processes for incident closure requiring manager authorization before completion. ServiceNow Workflows are graphical process automation tools that orchestrate activities, decisions, and approvals across the incident lifecycle. Approval activities specifically handle approval requests by generating approval records, notifying approvers, waiting for responses, and branching workflow execution based on approval outcomes. For incident closure approval, you would design a workflow that triggers when incidents are set to Resolved, creates manager approval requests, prevents closure until approved, and completes or reopens incidents based on approval decisions.
Workflow configuration involves navigating to Workflow > Workflow Editor, creating a new workflow for the Incident table, defining trigger conditions such as when state changes to Resolved, adding workflow activities starting with Begin activity for workflow start, inserting Approval-User or Approval-Group activity to generate approval requests for managers identified from the incident’s assigned_to user’s manager field or assignment group managers, configuring approval parameters including due dates, escalation rules, and approval descriptions, adding If activity to check approval outcomes with conditions testing whether approval was approved, rejected, or cancelled, branching workflow paths based on outcomes where approved path sets state to Closed and rejected path returns state to Assigned with notifications, and publishing the workflow to activate it. Workflows maintain audit trails showing approval history, timestamps, and approver comments. Advanced features include automatic escalation for overdue approvals and multi-level approval chains.
Option B is incorrect because manual email to managers doesn’t provide structured approval tracking, requires managers to reply outside ServiceNow losing audit trails, and doesn’t automatically control incident state based on approvals. Manual processes are inefficient. Option C is incorrect because UI Policies can’t enforce approval requirements or track approval decisions. UI Policies control form behavior but don’t manage approval processes. Option D is incorrect because Client Scripts blocking closure would prevent all closures without approval mechanism and execute only when users interact with forms, not handling approvals comprehensively.
Question 138:
A company needs to schedule automated reports to be generated and emailed weekly. What ServiceNow feature enables this?
A) Scheduled Reports with email recipients
B) Manual report generation each week
C) Client Scripts generating reports
D) UI Policies for report creation
Answer: A
Explanation:
Configuring Scheduled Reports with email recipients automates report generation and distribution on defined schedules, eliminating manual report creation and ensuring stakeholders receive timely information without administrator intervention. ServiceNow’s scheduling capability allows reports to run automatically at specified intervals (daily, weekly, monthly) or specific times, generating report outputs based on current data and emailing results to distribution lists. Scheduled reports maintain consistent reporting cadence, reduce administrative burden, support compliance with reporting requirements, and ensure decision-makers have access to up-to-date metrics.
Scheduled report configuration involves creating a report through Reports > Create New using appropriate data sources, visualizations, and filters, saving the report with a descriptive name, clicking the schedule icon on the saved report, configuring schedule parameters including frequency like weekly, day of week such as Monday, time of day, and time zone, adding email recipients by entering email addresses or selecting users/groups from the system, configuring email options including subject line, message body, and attachment format (PDF, Excel, CSV), and activating the schedule. ServiceNow’s scheduler service processes scheduled jobs, executes report queries at scheduled times, generates report output, and sends emails with reports as attachments or embedded content. Scheduled reports support multiple recipients, conditional scheduling based on criteria, and deactivation when reporting requirements change. Users can manage their scheduled reports through the reporting interface.
Option B is incorrect because manual report generation each week requires ongoing administrator time, risks being forgotten or delayed, lacks consistency, and doesn’t scale as reporting needs grow. Manual processes defeat automation benefits. Option C is incorrect because Client Scripts execute in browsers on user actions and can’t generate or schedule reports. Client Scripts are for form interaction, not backend report processing. Option D is incorrect because UI Policies control form field behavior and have no report generation or scheduling capabilities. UI Policies are form customization tools without reporting functionality.
Question 139:
An administrator needs to grant users the ability to create incidents but not delete them. Which approach should be used?
A) Assign roles with create/write permissions but not delete permissions
B) Give users full admin access
C) Use Client Scripts to hide delete buttons
D) Create Business Rules preventing all operations
Answer: A
Explanation:
Assigning roles with create and write permissions but excluding delete permissions provides granular security control enabling users to create new incidents and update existing incidents while preventing record deletion. ServiceNow’s role-based access control (RBAC) system grants permissions through roles that bundle specific capabilities. Access Control Lists (ACLs) evaluate user roles against operation types (create, read, write, delete) on tables, granting or denying actions based on role assignments. By carefully selecting roles or creating custom roles with appropriate permissions, administrators implement principle of least privilege ensuring users have necessary access without excessive permissions.
Implementation involves analyzing required permissions where users need incident creation and updates but not deletion, identifying existing roles like itil_user that provide create/write access or creating custom roles if needed, navigating to User Administration > Users to assign roles to users or groups, verifying that delete ACLs on the Incident table require roles not assigned to these users such as admin role, and testing by logging in as an affected user to confirm incidents can be created and updated but delete buttons don’t appear or deletion attempts are blocked. ServiceNow’s ACL evaluation checks all applicable ACLs, granting access only when at least one ACL explicitly permits the operation. If no delete ACLs grant permission to the user’s roles, deletion is automatically denied. This security model ensures consistent enforcement regardless of how users attempt operations through UI, API, or mobile.
Option B is incorrect because full admin access grants excessive permissions including deletion and system administration capabilities, violating least privilege principles and creating security risks. Admin access should be restricted to actual administrators. Option C is incorrect because Client Scripts hiding delete buttons is cosmetic security easily bypassed through direct URLs, APIs, or browser manipulation. Client-side security doesn’t provide true access control. Option D is incorrect because Business Rules preventing all operations would block legitimate incident creation and updates, making the system unusable. Blanket prevention doesn’t provide selective permission control.
Question 140:
A ServiceNow instance needs to synchronize user data from Active Directory. What feature should be configured?
A) LDAP Integration or IntegrationHub for user import
B) Manual user creation for each employee
C) Client Scripts for user management
D) UI Policies for user forms
Answer: A
Explanation:
Configuring LDAP Integration or using IntegrationHub for user import enables automated synchronization of user data from Active Directory into ServiceNow, ensuring user records remain current without manual maintenance. LDAP (Lightweight Directory Access Protocol) integration connects ServiceNow directly to Active Directory or other LDAP-compliant directory services, querying user information and importing or updating user records based on scheduled intervals. IntegrationHub provides more advanced integration capabilities with transformation, error handling, and orchestration. Automated synchronization maintains data accuracy, reduces administrative overhead, supports Single Sign-On (SSO) authentication, and ensures new employees immediately have ServiceNow access.
LDAP integration configuration involves activating the LDAP Integration plugin through System Plugins if not already enabled, navigating to System LDAP > LDAP Servers, creating an LDAP server configuration by entering Active Directory server connection details including hostname/IP, port, and protocol, configuring authentication credentials for a service account with read access to Active Directory, defining LDAP OU (Organizational Unit) specifying which AD containers to import users from, mapping Active Directory attributes to ServiceNow user fields such as mapping AD sAMAccountName to ServiceNow user_name, mail to email, and displayName to first/last names, configuring transformation scripts for complex mappings or data cleansing, setting import schedules for automated synchronization like daily or hourly, and testing the connection and import process. LDAP imports can create new users, update existing users, and optionally deactivate users removed from AD. This ensures ServiceNow user data matches authoritative directory sources.
Option B is incorrect because manual user creation for each employee is time-consuming, error-prone, doesn’t scale for large organizations, and creates synchronization issues when employee data changes in Active Directory. Manual processes can’t maintain data consistency. Option C is incorrect because Client Scripts execute in browsers for form interaction and can’t query external directories or perform bulk user imports. Client Scripts are for client-side logic. Option D is incorrect because UI Policies control form field behavior and have no relationship to external system integration or user data synchronization. UI Policies are form customization tools.
