Free Practice Questions for ServiceNow CSA Exam

InServiceNow,User Impersonationallows anadmin or a user with the appropriate roleto temporarily act as another userwithout needing their password. This is mainly used fortesting and visibility, helping administrators and developers verify user permissions, role-based access, and UI experiences.

Testing Permissions & Roles

Ensures thatusers have the correct access rights(e.g., verifying ITIL user permissions for incident management).

Helps testUI Policies, Business Rules, and ACLs (Access Control Rules)by viewing the system from the perspective of different roles.

Debugging & Troubleshooting

Identifies why a usercannot access certain records or modules.

Helps inresolving permission-related issueswithout affecting live users.

Experience Validation

Ensures userssee the correct menus, fields, and optionsbased on their assigned roles.

Useful when developingnew applications, workflows, or Service Catalog items.

Admins and authorized userscan impersonate by clicking on their name in the top-right corner and selectingImpersonate User.

Once impersonated, all actions are logged for security and compliance.

Primary Functions of User Impersonation:How to Use Impersonation:

(A) Testing and visibility – Correct

The primary function ofuser impersonationis totest and verify what different users can see and doin the system.

It helps withdebugging UI, role-based access, ACLs, and workflow execution.

(B) Activate verbose logging – Incorrect

Verbose loggingis used fordetailed debugging and performance monitoring, butimpersonation does not enable logging features.

(C) View custom perspectives – Incorrect

ServiceNow doesnotuse the term "custom perspectives" in the context of impersonation.

Impersonationshows what a specific user sees based on their roles, but it doesnot create custom perspectives.

(D) Unlock Application master list – Incorrect

There isno such featureas an "Application Master List" that requires impersonation to unlock.

Application access is controlled byroles and permissions, not impersonation.

Explanation of Each Option:

Never impersonate a user without permission, especially in production environments.

All impersonation actions are loggedin the system for security and auditing purposes.

Use impersonation in a sub-production (development or test) instancebefore making changes to production.

Admins should use impersonation instead of logging in with test user accountsto maintain security and accountability.

Additional Notes & Best Practices:

ServiceNow Docs: Impersonating Users

https://docs.servicenow.com

ServiceNow Community: Best Practices for User Impersonation

https://community.servicenow.com

References from Certified System Administrator (CSA) Documentation:

In ServiceNow, reports can be created from multiple locations within the platform. Reports provide insights into data stored within the system and help visualize trends, patterns, and key performance indicators (KPIs). The two correct locations from which reports can be created are:

ServiceNow allows users to create a report directly from a list view.

This feature is useful when working with records in a table, as it enables quick reporting based on the visible columns.

To generate a report from a list view:

Navigate to a list view (e.g., Incidents, Requests, etc.).

Click on acolumn headingto access the context menu.

SelectBar Chart, Pie Chart, or other visualization optionsto generate an instant report.

If needed, refine the report using the reporting interface.

TheView / Run moduleis the primary location for creating and managing reports in ServiceNow.

It allows users tocreate new reports, modify existing reports, and run pre-built reports.

Users can access theReport Designerfrom this module, where they can configure:

Data sources (tables)

Report type (bar chart, pie chart, trend, etc.)

Filters and conditions

Visualization settings

To access it:

Navigate toReports > View / Runin the Application Navigator.

ClickCreate a Reportto start building a new report.

1. List Column Heading (Correct)2. View / Run Module (Correct)Why the Other Options Are Incorrect:B. Metrics module (Incorrect)

TheMetrics modulein ServiceNow is used to track and measure the performance of records over time, but it isnot used to create reports.

Metrics focus on data such astime to resolution, SLA compliance, and process efficiency, but reporting is handled separately in the Reports module.

C. Statistics module (Incorrect)

ServiceNow does not have a dedicatedStatistics modulefor report creation.

While reports can generate statistical insights, this is done within theView / Run moduleand not a standalone "Statistics module."

In computing and networking, aclientrefers to anapplication or system that accesses a remote service or another computer system (known as a server). The client-server model is a fundamental concept in computing, where:

A client sends requeststo a server.

The server processes the requestand sends back a response.

This architecture is widely used inweb applications, databases, and ServiceNowitself, whereclients interact with the ServiceNow platform (server) via a web browser or API requests.

In ServiceNow, theclienttypically refers toa user’s browser or an external system making requests via API calls.

Theserveris the ServiceNow instance, which processes requests and returns responses.

Client-side scripts(such asClient ScriptsorUI Policies) run on the user's browser, whileserver-side scripts(such as Business Rules and Script Includes) execute on the ServiceNow server.

How This Relates to ServiceNow:

A. Server→ A serverreceives requestsand processes them but is not the requesting entity.

C. Script→ A script is apiece of codethat executes certain actions but does not represent an entire system accessing a service.

D. Policies→ Policies definerules or behaviors(e.g., UI Policies, Data Policies) but do not access a remote service.

Why Other Options Are Incorrect:

ServiceNow Documentation:Client and Server in ServiceNow

CSA Exam Guide:CoversClient and Server architecturein ServiceNow.

Reference from CSA Documentation:

Abusiness rulein ServiceNow is a server-side script written inJavaScriptthat executes when a record is inserted, updated, deleted, or queried. Business rules allow for automation and enforcement of business logic without requiring manual intervention.

Business rules arenot tied to formsbut instead runon the server-sidewhen a database operation occurs. They can be configured to execute:

Beforea record is saved (Before Business Rule)

Aftera record is saved (After Business Rule)

Asynchronously(Async Business Rule)

Before a query is run on the database(Query Business Rule)

Explanation of the Correct Answer:B. A business rule can be a piece of JavaScript(Correct)

Business rules are written inJavaScript, allowing administrators to define custom logic that executes on the server.

These scripts can modify data, enforce rules, validate fields, or trigger other workflows.

Example JavaScript snippet for a business rule:

if(current.state=='3'&& current.priority!='1') {

current.priority='1';

gs.addInfoMessage("Priority set to High because state is Resolved.");

}

This rule ensures that if an incident's state is changed toResolved, its priority is automatically set to High.

Why the Other Options Are Incorrect:A. A business rule must run before a database action occurs (Incorrect)

Business rulescan run before a database action occurs, but they can also executeafterorasynchronously.

Business rules have four execution types:

Before– Runs before the record is inserted/updated in the database.

After– Runs after the record is committed to the database.

Async– Runs in the background after the transaction completes.

Query– Runs before data is returned to a user (modifies query results).

C. A business rule must not run before a database action occurs (Incorrect)

This is false because some business rulesdo run beforea database action (e.g., aBefore Business Rulecan validate data before saving).

D. A business rule monitors fields on a form (Incorrect)

Business rulesdo not monitor form fields directly. Instead, they execute based on database operations.

If real-time monitoring of form fields is needed,Client Scripts(not Business Rules) are used for this purpose.

Automaticallyassigning prioritybased on ticket severity.

Preventing updates to certain records if a condition is not met.

Sending email notifications when a record changes.

Modifying data before it is saved to enforce business policies.

Example Use Cases for Business Rules:

InServiceNow, aListis a visual representation ofmultiple records from a table. Lists allow users to view, filter, sort, and interact with records in a structured tabular format.

Displays multiple recordsfrom a table.

Columns represent fieldsof the table.

Users can personalize the list(e.g., adjust columns, apply filters, and sort).

Common Actions:

Inline editing

Searching

Exporting data

Grouping and filtering

A. View

AViewdefines how data is displayed, but it is not a list itself.

Example: Differentform viewscan be created for the same table.

B. Dashboard

ADashboardis a visual representation of reports and performance analytics.

It doesnot display raw table recordsdirectly.

C. Panel

No such term as "Panel" exists in ServiceNow for displaying records from a table.

Key Features of Lists:Why Other Options Are Incorrect?

Lists Overview

ServiceNow Lists Documentation

Personalizing Lists

List Personalization Guide

References from ServiceNow CSA Documentation:Final Verification:Answer is 100% correct and aligned with official ServiceNow Certified System Administrator (CSA) documentation.

n ServiceNow, theList Editorallows users to edit field values directly within a list without opening the record in a form. This feature is particularly useful for making quick modifications to multiple records without the need to open each one individually.

Users navigate to a list view of records (e.g., an incident list).

If a field is editable via the List Editor, clicking on it will allow inline editing.

After making changes, users can pressEnteror click outside the field to save.

Inline Editing:Users can modify fields directly from the list.

Multi-Row Editing:Certain fields support bulk updates.

Security Controls:Admins can control which fields are editable via List Editor through dictionary settings.

Audit and History Tracking:Changes made via List Editor are logged for tracking purposes.

A. Data Editor:No such term as "Data Editor" exists in ServiceNow.

B. Edit Menu:This does not refer to inline editing; instead, it's a general menu for editing options.

D. Form Designer:Used for configuring form layouts, not for inline editing.

ServiceNow Product Documentation → Lists and List Editing

ServiceNow CSA Exam Guide → Covers List Editor as a core feature of instance configuration.

How List Editor Works:Key Features of List Editor:Why Other Options Are Incorrect:Reference from CSA Documentation:This verifies thatList Editoris the correct answer.

Thesix methods available for user authenticationin ServiceNow are:

Local Database– The user authenticates using a username and password stored in theinstance database.

Multifactor Authentication (MFA)– The user provides their username, password, and apasscode(e.g., from Google Authenticator).

LDAP (Lightweight Directory Access Protocol)– The user authenticates using credentials stored in a corporateLDAP directory.

SAML 2.0 (Security Assertion Markup Language)– The user is authenticated via an externalSAML Identity Provider (IdP).

OAuth 2.0– The user authenticates via anOAuth identity provider(such as Google, Microsoft, or Facebook).

Digest Token Authentication– The user authenticates using anencrypted tokenrather than directly submitting a password.

Thus, the correct answer is:

A, B, C, D, E, F

ServiceNow supports multiple authentication methods to provideflexibility, security, and integration capabilitieswith external identity providers.

Local Database Authentication:

ServiceNow storesusernames and passwordsin the internal database.

Users authenticate directly with the instance.

This method is commonly used when no external authentication provider is configured.

Multifactor Authentication (MFA):

Enhances security by requiringtwo authentication factors:

Username and password(stored in the database).

Passcodefrom a registered device (such as Google Authenticator, Microsoft Authenticator).

MFA helpsprevent unauthorized accesseven if credentials are compromised.

LDAP Authentication:

Allows users toauthenticate against an external LDAP directory(such as Microsoft Active Directory).

The user must have amatching record in the ServiceNow user table ([sys_user]).

ServiceNowdoes not store passwordswhen using LDAP; it only validates credentials against the directory.

SAML 2.0 Authentication:

Users authenticate via aSAML Identity Provider (IdP)such asOkta, Microsoft Azure AD, or Ping Identity.

ServiceNow acts as aService Provider (SP)and does not store passwords.

ProvidesSingle Sign-On (SSO)capabilities.

OAuth 2.0 Authentication:

Allows authentication viaOAuth providers(Google, Facebook, Microsoft, etc.).

Users do not need to store passwords in ServiceNow; instead, authentication is delegated to theOAuth identity provider.

Digest Token Authentication:

Uses anencrypted token(instead of a plaintext password) to authenticate users.

Often used forAPI-based authenticationor scenarios where passwords should not be transmitted over the network.

Each method aligns with ServiceNow's authentication mechanisms as per official documentation.

ServiceNow supports a hybrid authentication approach, allowing multiple methods to coexist.

ServiceNow Docs – Authentication Methodshttps://docs.servicenow.com

ServiceNow Security Best Practices – Authentication & Access Controls

ServiceNow Developer Portal – SSO & OAuth Authentication

Why These Are the Correct Methods?References from Certified System Administrator (CSA) Documentation:

In ServiceNow, eachKnowledge Base (KB)can have unique configurations, includinglifecycle workflows, user criteria, category structures, and management assignments. This flexibility allows organizations to manage knowledge articles according to different business needs, departments, or service functions.

Each knowledge base can have a customworkflowthat defines how articles are created, reviewed, published, and retired.

Examples of workflow stages:Draft → Review → Published → Retired.

Workflows ensure proper governance and content accuracy before publishing.

ServiceNow allows administrators to defineUser Criteriato controlwho can read, create, or contributeto a knowledge base.

Example:

IT Knowledge Base is only accessible to users with theITIL role.

HR Knowledge Base is only available toHR employees.

Each knowledge base can have a uniquecategory hierarchyto organize articles efficiently.

Example:

IT KB Categories:Hardware, Software, Network.

HR KB Categories:Benefits, Policies, Payroll.

Different knowledge bases can have different owners or managers.

Example:

IT KB is managed byIT Support Team.

HR KB is managed byHR Admins.

ServiceNow allows multiple knowledge bases with distinct configurations.

Each knowledge base can haveits ownworkflow, user criteria, categories, and managers.

This ensuresflexibility and proper governancein knowledge management.

ServiceNow Docs: Knowledge Management Overview

ServiceNow CSA Study Guide – Knowledge Base Administration

ServiceNow Product Documentation: Configuring Knowledge Bases

Key Aspects of Knowledge Base Customization:1. Unique Lifecycle Workflows2. User Criteria (Access Control)3. Category Structures4. Management AssignmentsWhy "A. True" is the Correct Answer?References from Certified System Administrator (CSA) Documentation:

In ServiceNow,record numbers are automatically generated and incrementedby the system. Each record created in a table receives a unique identifier based on a predefinednumber format.

Each table that extends the "task" or other core tables has a default numbering format.

Numbering is automatic, meaning users donothave to manually increment numbers.

The numbering format follows aprefix + incremental number(e.g., INC0001001 for incidents, CHG0002001 for changes).

The system ensuresunique sequential numberingwithin each table.

How Record Numbering Works:Configuring Auto-Numbering:Admins can customize numbering formats by modifying the"Number Maintenance"module:

Navigate toSystem Definition → Number Maintenance.

Select a table and configure theprefix, length, and starting number.

Changes apply automatically to new records created in that table.

Record numbersdo not require manual updates; the system handles it automatically.

Users can changeformat settings, butcannot manually increment individual record numbers.

ServiceNow prevents duplicate numbers to maintain data integrity.

Why "False" is the Correct Answer:

Manual incrementing isnotrequired or possible for individual records.

The platform automatically assigns the next sequential number to each record.

Why "True" is Incorrect:

ServiceNow Documentation:Number Maintenance

CSA Exam Guide:Coversautomatic record numbering and Number Maintenance settings.

Reference from CSA Documentation:Thus, the correct answer is:

B. False

Update Setsin ServiceNow are used tocapture customizations and configurationsmade in an instance, allowing these changes to be moved between instances (e.g., from development to test or production). ServiceNow provides best practices to ensure smooth migration and avoid issues with missing or conflicting updates.

What is an Update Set?

AnUpdate Setis a collection of customizations (e.g., changes to forms, scripts, workflows, business rules) that can be moved from one instance to another.

Ittracks changesin a controlled way, preventing accidental loss of configurations.

Why Avoid Using the Default Update Set?

TheDefault Update Setis automatically used when no other update set is selected.

It captures changesbut should never be used for instance-to-instance migrationsbecause:

Itcannot be exported.

It contains system changes that arenot logically grouped.

It can causeinconsistencies and missing dependencieswhen moving updates.

Instead, administrators shouldcreate a named Update Setfor specific development work.

Understanding Update Sets in ServiceNow:

Why Answer "A" is Correct:✔️"Avoid using the Default Update Set as an Update Set for moving customizations from instance to instance."

This follows ServiceNow’sbest practicesfor managing Update Sets.

Using theDefault Update Setcan lead tomissing updates, conflicts, and untracked changes, making migrations unreliable.

Why the Other Answers Are Incorrect:B. "Before moving customizations from instance to instance with Update Sets, ensure that both instances are different versions."

Incorrectbecause ServiceNowrecommends that instances be on the same versionbefore applying Update Sets.

If instances are ondifferent versions, the Update Set may includeincompatible changes, causing failures.

C. "Use the Baseline Update Set to store the contents of items after they are changed the first time."

Incorrectbecause there is no such thing as a "Baseline Update Set" in ServiceNow.

ServiceNowdoes not automatically create a backup of original configurations—administrators should manually create an Update Set before making changes.

D. "Once an Update Set is closed as 'Complete,' change it back to 'In Progress' until it is applied to another instance."

Incorrectbecausea completed Update Set should not be reopened.

Once markedComplete, an Update Set isready for export and migration. Reopening it can causedata integrity issuesand confusion in version control.

ServiceNow CSA Study Guide – Update Sets & Configuration Management

ServiceNow Docs: Best Practices for Update Sets(ServiceNow Documentation)

ServiceNow Docs: Moving Customizations with Update Sets

References from the Certified System Administrator (CSA) Documentation: