Free Practice Questions for ServiceNow CIS-DF Exam

The CMDB plays a critical role in security operations by providing trusted, structured insight into the organization’s IT landscape. When built according to Data Foundations principles—accurate discovery, governed relationships, and alignment to CSDM—the CMDB becomes an essential enabler for security incident response and vulnerability management.

Option D is correct because the CMDB allows security teams to identify exactly which IT infrastructure components are affected by a vulnerability. By correlating vulnerability scan results with configuration items (CIs), security teams can determine whether an issue exists on a server, application, cloud resource, or network device—and understand where that CI sits within the broader service context. This eliminates blind spots and reduces time spent investigating unknown or unmanaged assets.

Option A is also correct because the CMDB supports assessment and remediation activities during security incidents. Once affected CIs are identified, the CMDB provides ownership, support group, environment, and service relationships. This enables security teams to quickly route remediation tasks to the correct resolver groups, assess business impact, and prioritize response based on service criticality. While the CMDB does not perform remediation itself, it enables informed and coordinated action.

Option B is incorrect because vulnerabilities are not auto-resolved by the CMDB; remediation requires human decision-making and execution through security, patching, or change processes. Option C, while related to governance and compliance use cases, is more aligned with GRC and audit functions rather than day-to-day security operations, making it less appropriate for this question.

In summary, the CMDB’s primary value in security operations is visibility and actionable insight, enabling faster identification, assessment, and response to security threats.

Application Service Mapping is a critical capability in ServiceNow for enabling business-aware Change Management. Its primary value is not in identifying physical shutdown sequences or CI locations, but in translating technical changes into business impact.

When an organization plans a data center move, multiple infrastructure components—servers, databases, network devices—may be affected. On their own, these technical CIs provide little insight into business risk. Application Service Mapping connects these CIs to Application Services and Business Services as defined by the Common Service Data Model (CSDM). This relationship allows Change Managers to see which business services, customers, and processes are impacted by the planned change.

By leveraging service maps, Change Management can answer critical questions such as:

Which customer-facing services may experience downtime?

What revenue-generating or mission-critical services are at risk?

Which stakeholders must be notified or involved in approvals?

Option A is incorrect because service mapping does not determine shutdown order; that is handled by infrastructure planning. Option C focuses on physical location data, which is typically managed through Location CIs and Discovery, not service mapping.

Therefore, the correct answer is B – To understand the business impact of CIs, which aligns directly with ITIL 4, CSDM, and Change Management best practices.

In Data Foundations, “Govern” is about putting repeatable, controlled mechanisms in place to keep CMDB data healthy over time. Duplicate CI cleanup is a governance activity because duplicates degrade trust, break reporting, create incorrect service impacts, and cause operational confusion (for example, incidents linked to the wrong CI). The preferred approach is to use the guided and purpose-built de-duplication experience designed for CMDB administrators rather than relying on generic task lists or ad-hoc work.

The de-duplication dashboard in CMDB Workspace is the preferred place because it centralizes duplicate identification, prioritization, and remediation in a single operational experience. It typically provides visibility into suspected duplicates, helps users review records side-by-side, and supports controlled actions (such as merge/retire workflows, depending on configuration) while maintaining auditability. This aligns with Data Foundations’ emphasis on standard processes and consistent remediation patterns rather than one-off manual fixes.

“My Tasks” is a generic work queue and does not provide the purpose-built context or tooling required to confidently resolve duplicates in a safe, repeatable way. A standalone “de-duplication task module” may exist as a navigation entry, but the recommended operational method is to use the workspace dashboard where duplicate remediation is organized and guided as part of CMDB health and governance. Therefore, the correct answer is the de-duplication dashboard on CMDB Workspace.

In Data Foundations (CMDB and CSDM), relationship modeling must reflect real operational dependency so that incident triage, change impact analysis, and service visibility remain accurate. When an Application is hosted on a Server, the standard hosting-style relationship used in CMDB relationship governance is expressed as “Runs on::Runs”. This pairing represents the two directional descriptors of the same relationship type: from the application perspective it runs on the server, and from the server perspective it runs the application.

This matters because CMDB relationships are used by downstream capabilities (for example, dependency views, impact calculations, and governance rules). Using the correct out-of-box relationship descriptor pair ensures consistent reporting and prevents confusion when teams traverse relationships “upstream” and “downstream.” In addition, relationship governance rules and inheritance are commonly built around standard relationship types; using the correct “Runs on::Runs” semantics supports validation across subclasses (for example, specific application and server subclasses) without requiring custom relationship definitions.

The other options are either reversed (“Runs::Runs On”), represent different semantics (“Uses::Used by”), or do not align with the typical hosting relationship naming used for application-to-server hosting dependencies. Therefore, the correct relationship expression between an Application and a Server is Application > Runs on::Runs > Server.

The Unified Map in ServiceNow provides a consolidated view of services and their underlying components, integrating Discovery and Service Mapping data. To make this view actionable, Service Owners can apply filters to focus on relevant elements and reduce visual noise.

Filtering by CI type (Option A) is a core capability. It allows the Service Owner to show or hide categories such as servers, databases, load balancers, or applications—making it easier to analyze specific layers of the service.

Filtering by Business Criticality (Option D) is also available and highly valuable. This enables Service Owners to prioritize views around high-impact components, ensuring attention is focused on CIs that pose the greatest risk to service delivery.

Option B (Discovery source) is not typically exposed as a Unified Map filter because the map focuses on operational and service context, not ingestion provenance. Option C (Managed by group) is a governance attribute and is not a standard visual filter within the Unified Map.

Thus, the correct filter options are A – CI type and D – Business criticality.

In Data Foundations, “Insight” is about using health metrics to understand whether the CMDB is trustworthy and operationally usable. The CMDB Health Dashboard organizes health into scorecards that group related checks. When leadership asks for Duplicate CIs, Orphan CIs, and Stale CIs, they are asking about the CMDB’s ongoing hygiene and adherence to governance expectations—not simply whether fields are filled in.

These three metrics align best with Compliance because they represent whether CI records comply with rules that keep the CMDB clean and current over time:

Duplicate CIs indicate the identification and governance controls are not consistently preventing multiple records for the same real-world item.

Orphan CIs indicate relationship governance gaps—records exist without expected relationships or context, reducing their operational value and often signaling incomplete ingestion or lifecycle control issues.

Stale CIs indicate lifecycle management gaps—records are not being updated, attested, retired, or archived appropriately, which increases risk and noise in operational processes.

By contrast, Completeness focuses on whether required attributes are populated (owners, support group, environment, etc.). Correctness focuses on whether values and relationships are accurate and logically valid. While duplicates/orphans/stale can affect correctness indirectly, the dashboard’s grouping for these hygiene and lifecycle-oriented measures is best represented by Compliance, which is why B is the correct answer.

In ServiceNow Data Foundations, specifically within CMDB Data Manager, policies are used to enforce data quality, completeness, and governance across configuration items (CIs). When defining a Data Manager policy, administrators can configure task creation for non-compliant records and specify how those tasks are assigned. One key configuration is the Assignment type, where “User Group Field” allows assignment to a group dynamically based on a group reference field on the CI record.

Out of the box, ServiceNow provides two default and universally available group reference fields for this purpose:

Assignment Group

Managed By Group

These two fields are considered core CMDB governance fields and are consistently available across most CI classes. They align directly with ITIL 4 Service Configuration Management and CSDM accountability models, ensuring that remediation tasks are routed to teams responsible for operational ownership or technical management of the CI.

Assignment Group (Correct – D)This is the most commonly used operational field in ServiceNow. It represents the team responsible for working on tasks related to the CI and is fully supported by CMDB Data Manager for automated task assignment.

Managed By Group (Correct – C)This field represents the group accountable for managing the CI throughout its lifecycle. It is a standard CMDB field and is explicitly supported by Data Manager policies for governance-driven task routing.

The other options are not default Data Manager assignment fields:

Owned by Group is often added through extensions or governance customization and is not guaranteed to exist across all CI classes.

Support Group is a CSDM and ITSM operational concept, commonly derived or mapped, but it is not a default group reference field exposed for CMDB Data Manager task assignment.

From a Data Foundations and CSDM governance perspective, using Assignment Group and Managed By Group ensures consistent accountability, scalable automation, and alignment with CMDB best practices.

Data Foundations emphasizes that “ingest” must produce CMDB data that is standardized, supportable, and upgrade-safe. When introducing custom CIs, the best practice is to reuse the most appropriate existing CI class (or an approved industry-aligned model) and only add what is necessary—this keeps the data model aligned with platform expectations and reduces downstream rework.

Option B supports this directly: the CMDB CI Class Models application is intended to help teams select a suitable existing class rather than inventing new classes unnecessarily. Reusing existing classes improves consistency across integrations, Discovery/Service Mapping patterns, reporting, and CMDB Health rules—reducing technical debt and making future platform upgrades smoother.

Option A is also aligned with best practice when used correctly: once you have the right CI class, extending that class to add additional attributes (new fields) is a standard, upgrade-safe customization approach. It preserves the underlying platform data structures and avoids breaking out-of-box behaviors, identification/reconciliation practices, and CMDB Health evaluations.

Option C is not appropriate because Asset tables serve a different purpose (financial/lifecycle tracking) than CI tables (operational/service context). Mixing CI attributes into Asset classes creates confusion and process misalignment. Option D is strongly discouraged because repurposing and renaming base attributes creates long-term ambiguity, breaks shared semantics, and increases upgrade and maintenance risk.