Free Practice Questions for ServiceNow CSA Exam

In ServiceNow,Access Control Rules (ACLs)determine who cancreate, read, write, delete, or executerecords within a table. Each ACL rule evaluates three main permission requirements,all of which must be truefor the rule to apply. These requirements are:

TheConditions fieldin an ACL specifies predefined logic that must be met for the rule to apply.

Example: An ACL might specify that a record is only accessible if theStatefield is set to "Open".

Conditions areevaluated firstbefore checking roles or scripts.

ACLs can berestricted to users with specific roles.

If a user does not have the required role(s), the ACL denies access.

Example: Only users with the"itil"role can edit incidents.

If the ACL does not specify any role, all users may be eligible based on conditions and script evaluations.

ACL scripts provideadvanced conditional logicusingserver-side JavaScript.

Scripts allow complex rule evaluation, such as checking whether a user is the record’s creator.

Example: A script could restrict access to records wherecurrent.requested_for == gs.getUserID()(only allow users to see their own requests).

If a script is present in an ACL, it must returntruefor access to be granted.

Access control rules are only granted when all three evaluations return true.

Conditions act asfilters.

Roles definepermissions based on user roles.

Scripts allowadvanced access logic.

1. Conditions (A - Correct Answer)2. Roles (C - Correct Answer)3. Script (D - Correct Answer)Why "A. Conditions," "C. Roles," and "D. Script" are the Correct Answers?

B. Table – Incorrect

Access control appliesto specific tables, but defining a table itself is not one of the permission checks.

E. Table." – Incorrect

This is anincorrectly formatted optionand does not relate to access control evaluation.

F. Table.none – Incorrect

"Table.none" is not an evaluation factor in ACLs. Access control applies totable-level, field-level, and record-level, but "table.none" is not an access requirement.

Explanation of Incorrect Options:

ServiceNow Docs: Access Control Rules (ACLs) Overview

ServiceNow CSA Study Guide – Security and Access Control

ServiceNow Product Documentation: Evaluating ACLs and Permissions

References from Certified System Administrator (CSA) Documentation:

Thethree-bar iconin theForm headerof ServiceNow is commonly referred to as theHamburger icon. It provides access toadditional form actionsthrough acontext menu.

Opens adrop-down menuwith options such as:

Configure Form Layout

Configure Form Design

Insert and Stay

View History

Export Options

Helps users accessquick actionswithout navigating away from the form.

The icon consists ofthree horizontal lines, resembling ahamburger(bun-patty-bun).

This naming convention is widely used in web and mobile UI design.

Functions of the Hamburger Icon in ServiceNow:Why is it Called a "Hamburger Icon"?

Incorrect Answer Choices Explanation:A. Pancake Icon– No such term exists in ServiceNow UI terminology.

B. Additional Actions or Context Menu– While the icondoesprovide additional actions, "Context Menu" refers to right-click options or three-dot menus, not the three-bar menu.

D. Cake Icon– No such UI term exists in ServiceNow or general UI design.

Understanding the ServiceNow Form Header

ServiceNow UI Overview

Official CSA Documentation Reference:

When creating acustom table in ServiceNow, the platform automatically assigns a table name prefixed with"u_"to differentiatecustomtables fromout-of-the-box (OOB) tables.

The default prefix"u_"is applied to allcustom global tables.

The table name follows the format:"u_" + [custom name].

Example:

If you create a table named"abc", the system assigns it the table name:u_abc.

All custom tables created by usersautomatically receive the "u_" prefix.

Prevents conflicts withServiceNow’s internal tables.

Ensurescustom tables are easy to identify.

Naming Convention for Custom Tables:Why "C. u_abc" is Correct?

A. snc_abc – Incorrect

"snc_" is not used for custom tables; it is reserved forinternal ServiceNow functionality.

B. abc – Incorrect

Custom tablesdo not use raw names; they always include a prefix (u_).

D. sys_abc – Incorrect

"sys_" is reserved forsystem tables(e.g.,sys_user,sys_db_object).

Explanation of Incorrect Options:

ServiceNow Docs: Creating Custom Tables

ServiceNow CSA Study Guide – Table Administration

ServiceNow Product Documentation: Understanding Table Naming Conventions

References from Certified System Administrator (CSA) Documentation:

AnAccess Control rule (ACL)in ServiceNow defineswho can access dataandwhat actions they can performon that data. Each ACL consists of three primary components:

Object being secured– The specific table, field, or record that the rule applies to.

Operation– The type of action that is being secured (e.g., Read, Write, Create, Delete).

Permissions required– The conditions, roles, or scripts that determine whether access is granted.

ACLs evaluatewhether a user has permissionto access a specific table, field, or action.

Thesecurity rules are processed from most specific to least specific(e.g., field-level > table-level).

Permissions can be granted based onroles, conditions, or custom scriptsusing GlideSystem (gs).

A. Groups, Conditional Expressions, and Workflows(Incorrect)

ACLs do not manageworkflowsor directly control group assignments.

B. Table Schema, CRUD, and User Authentication(Incorrect)

CRUD (Create, Read, Update, Delete) permissions are controlled by ACLs, butUser Authenticationis managed separately through login policies (LDAP, SSO, etc.).

D. security_admin(Incorrect)

security_adminis aspecial elevated rolerequired to modify security settings, but it is not what an ACL specifies.

Access Control Rules Overview:https://docs.servicenow.com/en-US/bundle/utah-platform-security/page/administer/security/concept/access-control-rules.html

Configuring ACLs in ServiceNow:https://docs.servicenow.com/en-US/bundle/utah-platform-security/page/administer/security/task/t_CreateOrModifyAnAccessControl.html

How ACLs Work in ServiceNow:Explanation of Incorrect Options:Official References from Certified System Administrator (CSA) Documentation:

InServiceNow,Number Maintenanceis the application used to manage and modify numbering schemes for different tables, including theIncidenttable. Since the default prefix forIncident numbersis"INC", an administrator can modify it to a company-specific prefix (e.g.,"IN") by following these steps:

Navigate to the Number Maintenance Application:

Go toAll → System Definition → Number Maintenance

Search for theIncident table (task.number record for Incident).

Modify the Prefix:

Open the existingIncident numbering record.

Change thePrefixfrom"INC"to"IN".

Ensure theNext Numberfield is correctly set (e.g.,"IN0001001").

Save the Changes:

ClickUpdateto apply the new prefix.

All newly created incidents will now follow the new format (IN0001001).

Existing incidents are NOT affected—only newly created records will reflect the new prefix.

Steps to Change the Incident Number Prefix:Why Option A (Number Maintenance) is Correct?The Number Maintenance application is the correct place to modify prefixes for tables like Incident.

Why Other Options Are Incorrect?B. Create a Business Rule that modifies the prefix before the Insert operation→ Incorrect

Business Rulesdo not control number generation.

Number generation is managed byNumber Maintenanceat the system level.

C. The prefix of an incident cannot be changed because it is a built-in feature→ Incorrect

The prefixCAN be changedusing theNumber Maintenanceapplication.

Only existing records retain their original prefix; new records follow the updated format.

D. Submit a Change Request to ServiceNow Technical Support→ Incorrect

This isnot necessary, asadministratorscan make this change directly throughNumber Maintenance.

ServiceNow Docs – Number Maintenance Configurationhttps://docs.servicenow.com

ServiceNow Learning – Customizing Numbering Schemes

ServiceNow Developer Portal – Number Prefix Best Practices

References from Certified System Administrator (CSA) Documentation:

AConfiguration Item (CI)is any component thatneeds to be managed to deliver IT services. In ServiceNow, CIs are stored in theConfiguration Management Database (CMDB)and can include servers, applications, databases, network devices, and more.

Tracking & Management: Helps organizations track IT assets and their relationships.

Service Impact Analysis: Identifies how an issue with one component can affect related services.

Change Management Support: Ensures changes to IT assets are controlled and well-documented.

Incident & Problem Resolution: Provides insights into troubleshooting and root cause analysis.

Hardware: Servers, network devices, storage systems.

Software: Applications, databases, operating systems.

Services: Business services, IT services.

Documentation: Policies, SLAs, knowledge articles.

Why Are Configuration Items Important?Examples of Configuration Items (CIs):

Incorrect Answer Choices Explanation:A. CSDM Items– TheCommon Service Data Model (CSDM)is a framework for structuring CMDB data, but individual components in the CMDB are calledConfiguration Items (CIs).

B. CMDB– TheCMDB (Configuration Management Database)is thedatabasethat stores Configuration Items, but it is not a CI itself.

D. Service Offerings– AService Offeringrepresents a set of capabilities available to customers but is not the same as a CI.

E. Asset– AnIT Assetrefers to aphysical or virtual resourceowned by the organization, butnot all assets are CIs(e.g., a computer mouse may be an asset but not a CI).

ServiceNow CMDB Overview

Configuration Items (CIs)

Official CSA Documentation Reference:

AMany-to-Many (M2M) relationshipin ServiceNow allows two or more tables to be relatedbi-directionally, so that related records are visible in arelated liston both tables.

Unlike aOne-to-Many (1:M)relationship (where only one table references another), M2M relationshipslink records in both directions.

This is achieved through anintermediary table, known as aMany-to-Many table, which stores the relationships.

A Many-to-Many table contains:

Areference fieldfor each of the tables being linked.

The relationship records, which connect records between the two tables.

Suppose you want to relateIncidentstoProblemsand vice versa.

Instead of adding a reference field in each table, you create anm2m_incident_problemtable.

Now, an Incident can be linked tomultipleProblems, and each Problem can be linked tomultipleIncidents.

These relationships will be visible asrelated listsin both tables.

How Many-to-Many Relationships Work in ServiceNow:Example of a Many-to-Many Relationship:

Incorrect Answer Choices Explanation:A. Database View– Used tocombine data from multiple tablesfor reporting but does not establish abi-directional relationshipbetween tables.

C. One to Many (1:M)– Asinglerecord in one table relates tomultiplerecords in another, but the relationship isnot bi-directional.

D. Extended– Refers totable inheritance, where a table inherits fields from its parent table, not a Many-to-Many relationship.

Many-to-Many Relationships in ServiceNow

Understanding Table Relationships

Official CSA Documentation Reference:

InServiceNow Flow Designer, adata pillrepresentsvariables, record fields, or outputs from previous stepsthat can be used dynamically in the flow.

Data pillsallow flow designers to referencerecord datawithout manually specifying table fields.

Dragging a data pillonto a flow step ensures that the correct values areautomatically mappedfrom the referenced record.

This is the recommended method for using record datawithin a flow.

Why is Option D Correct?

Why Are the Other Options Incorrect?A. Drag the table icon onto the flow definition

IncorrectbecauseFlow Designer does not use table iconsfor referencing records.

Instead, it utilizesdata pills and actionsto retrieve and manipulate record data.

B. Use the condition builder to specify the desired values

Incorrectbecause thecondition builderis used fordecision logic(e.g., If-Else conditions), not for referencing record data.

C. Specify the source table on the data pill related list

Incorrectbecause youcannot manually specifya table in a data pill.

Data pills areautomatically createdwhen an action retrieves data from a record.

E. Add the table reference using the slush bucket

Incorrectbecauseslush bucketsare used in ServiceNow for selecting multiple items (e.g., roles, groups),not for referencing record data in a flow.

ServiceNow Flow Designer - Using Data Pills

ServiceNow Flow Designer - Best Practices for Record Referencing

ServiceNow ITSM - Automating Workflows with Flow Designer

References to Official Certified System Administrator (CSA) Documentation:

When creating acustom table in ServiceNow, the platform automatically assigns a table name prefixed with"u_"to differentiatecustomtables fromout-of-the-box (OOB) tables.

The default prefix"u_"is applied to allcustom global tables.

The table name follows the format:"u_" + [custom name].

Example:

If you create a table named"abc", the system assigns it the table name:u_abc.

All custom tables created by usersautomatically receive the "u_" prefix.

Prevents conflicts withServiceNow’s internal tables.

Ensurescustom tables are easy to identify.

Naming Convention for Custom Tables:Why "C. u_abc" is Correct?

A. snc_abc – Incorrect

"snc_" is not used for custom tables; it is reserved forinternal ServiceNow functionality.

B. abc – Incorrect

Custom tablesdo not use raw names; they always include a prefix (u_).

D. sys_abc – Incorrect

"sys_" is reserved forsystem tables(e.g.,sys_user,sys_db_object).

Explanation of Incorrect Options:

ServiceNow Docs: Creating Custom Tables

ServiceNow CSA Study Guide – Table Administration

ServiceNow Product Documentation: Understanding Table Naming Conventions

References from Certified System Administrator (CSA) Documentation:

InServiceNow, anUpdate Setis a mechanism used tocapture customizationsmade in an instance andmove them to another instance(e.g., from development to production). However, certain elements arenot included in an Update Set by default.

Homepages (A) –Correct

Homepages are stored asuser-specific or global content, and they are not included in update sets by default.

To migrate them, you need tomanually export/importthem or use thesys_portal_page_settable.

Data (B) –Correct

Update Setsdo not include actual data, such as incident records, user records, or CMDB data.

Onlyconfiguration changes(like fields, forms, and workflows) are captured.

Data migration must be handled separately usingData Export or Integration methods.

Published Workflows (C) –Correct

Once a workflow ispublished, it is stored as a runtime instance and not automatically included in an Update Set.

To capture it, you mustmanually updatethe workflow before moving it in an Update Set.

Report Definitions (H) –Correct

Reports and their configurations are not automatically included in Update Sets.

You mustmanually include themby marking them as "Captured in Update Set."

D. Business Rules(Captured in Update Sets)

E. Schedules(Captured in Update Sets)

F. Database changes(Captured in Update Sets)

G. Related Lists(Captured in Update Sets)

I. Scheduled Jobs(Captured in Update Sets)

J. Client Scripts(Captured in Update Sets)

K. Views(Captured in Update Sets)

ServiceNow Update Sets Overview:https://docs.servicenow.com/en-US/bundle/utah-application-development/page/build/system-update-sets/concept/c_UpdateSets.html

ServiceNow Update Set Best Practices:https://docs.servicenow.com/en-US/bundle/utah-application-development/page/build/system-update-sets/concept/update-set-best-practices.html

Items NOT Included in Update Sets (By Default):Items That ARE Included in Update Sets (By Default):Official References from Certified System Administrator (CSA) Documentation: