ServiceNow · Free Practice Questions · Last reviewed May 2026
54real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.
A company is building a ServiceNow application to manage employee onboarding. They need to store personal data like social security numbers (SSNs) and medical information. Which data classification scheme should they apply to these fields to ensure proper encryption and access controls?
Confidential
Internal
Highly Confidential
Correct, this is the highest classification for sensitive personal data.
Public
An administrator notices that a scheduled job, 'Update Asset Status', fails every night with a 'Script timeout' error. The job updates a large number of records in the Asset table. Which approach should the administrator take to resolve the timeout issue?
Add a business rule to run asynchronously for each update
Increase the timeout value in the scheduled job configuration
Split the job into multiple smaller jobs running sequentially
Rewrite the job to use GlideAggregate with query and update in bulk
Bulk database operations reduce script execution time.
A developer needs to create a new table in ServiceNow to track project milestones. The table should have a reference field to the Project table and a date field for the milestone date. Which data type should be used for the reference field?
GlideRecord
Integer
String
Reference
Reference field links to a record in another table.
During development, a developer creates a new application module and adds a table 'x_abc_incident' with a reference field to the 'sys_user' table. The developer wants to ensure that when a user is deleted, all related incident records are also deleted. What database constraint should be configured on the reference field?
Cascade delete
Cascade delete removes child records when parent is deleted.
No action
Restrict delete
Set null on delete
A company has a custom table 'u_training_course' with a reference field to 'sys_user' named 'u_instructor'. The requirement is that only users with the 'instructor' role can be selected in this field. Which approach should be used to enforce this?
Create a business rule on the table to check the role and reject invalid selections
Add a reference qualifier on the field to filter users with the 'instructor' role
Reference qualifiers restrict the list dynamically.
Use a client script to validate the selection before form submission
Configure an ACL on the reference field to restrict write access
A developer needs to import data from a CSV file into a custom table. Which ServiceNow module should be used for this task?
Scheduled Jobs
Update Sets
Import Sets
Import Sets allow loading data from files and mapping fields.
Data Source
Want more Working with Data practice?
Practice this domainA company is integrating ServiceNow with an external system using REST API. The integration is failing with a 401 Unauthorized error. The integration user's credentials are correct and the user has the 'rest_service' role. What is the most likely cause of the failure?
The password for the integration user does not meet complexity requirements.
The integration user does not have the 'rest_api' role.
The OAuth token used for authentication has expired or is invalid.
401 Unauthorized indicates authentication failure; expired/invalid OAuth token is a common cause.
The integration is hitting a table ACL that denies read access.
An administrator wants to enable inbound email integration to automatically create incidents from emails sent to support@company.com. What is the first step in configuring this?
Enable the Email Integration plugin.
Configure an email account (mailbox) to receive emails.
The first step is to set up an email account (mailbox) to receive emails, then create inbound actions.
Create an inbound email action.
Create an ACL to allow email processing.
A ServiceNow instance is being integrated with an external HR system using a SOAP message. The SOAP call is failing intermittently. The developer notices that the XML payload contains special characters like '&' and '<'. What is the best practice to handle these characters in SOAP messages?
Wrap the payload in a CDATA section.
Encode the entire payload in Base64.
Use URL encoding for the payload.
Escape the characters using XML entities (e.g., & for &).
Escaping special characters ensures well-formed XML and is the standard practice.
A company wants to allow their customers to submit requests via email. The email should create a new record in the 'Request' table. Which component should be used to define the mapping of email fields to the ServiceNow table fields?
Inbound Email Action
Inbound email actions define conditions and scripts to map email fields to table fields.
Email Account
Inbound Email Script
Email Notification
A developer is building a REST API endpoint in ServiceNow to return data from the 'incident' table. The API should only return incidents assigned to the caller. Which method should be used to filter the records based on the caller's user ID?
Use the 'sysparm_display_value' parameter.
Use the 'sysparm_query' parameter with an encoded query.
sysparm_query allows filtering using encoded queries.
Use the 'sysparm_limit' parameter to limit results.
Use the 'sysparm_fields' parameter to specify fields.
Which TWO of the following are valid methods to authenticate a REST API call to ServiceNow?
SAML assertion authentication.
LDAP authentication.
Basic Authentication with username and password.
Basic Authentication is supported.
API Key authentication.
OAuth 2.0 authentication.
OAuth 2.0 is supported for REST API.
Want more Platform Features and Integration practice?
Practice this domainA company needs to integrate ServiceNow with an external HR system using REST API. The HR system requires OAuth 2.0 client credentials grant. Which ServiceNow application should be used to configure this integration?
REST API Explorer
Flow Designer
REST API Message
REST API Messages allow configuration of outbound REST calls, including OAuth authentication.
IntegrationHub
A ServiceNow admin is troubleshooting a data import from an external database via JDBC. The import runs successfully but only loads partial data. Which is the most likely cause?
The scheduled import job was interrupted by another job
The transform map has a filter that excludes certain records
The field mapping is incorrect and some fields are not being populated
The JDBC driver has a default row limit that caps the number of records imported
ServiceNow JDBC imports have a default limit of 50,000 rows, which can be adjusted in the datasource configuration.
An organization uses ServiceNow Discovery to populate the CMDB. They notice that some CI relationships are missing after a discovery run. The discovery logs show no errors. What is the most likely cause?
The MID server credentials do not have permission to query relationship data
The CI Class Manager does not have the correct relationship types defined for the discovered CIs
The CI Class Manager defines which relationships are possible between CI classes. If a relationship type is missing, it won't be created.
The discovery probes are not configured to capture relationships
The CMDB is set to read-only mode
A company is integrating ServiceNow with an external ticketing system using a custom REST API. The integration should push updates from ServiceNow to the external system when a change request is approved. Which ServiceNow feature is best suited for this?
REST API Explorer
Business Rule with outbound REST call
Business Rules can trigger on record updates and make outbound REST calls using the RESTMessageV2 API.
Access Control List (ACL)
Scheduled Job
Which TWO actions should a developer take when designing an inbound email integration in ServiceNow to ensure proper data mapping? (Choose two.)
Set up an ACL to allow the email user to write to the target table
Ensure the email includes an attachment with the data
Configure the inbound email action to trigger on the appropriate table
The inbound action must be associated with the table where records will be created or updated.
Create a connection to the external email server
Use the email parsing script to extract fields from the email body
Scripts can parse structured data (e.g., JSON) from the email body.
A developer is creating a REST API integration that retrieves data from an external system and updates ServiceNow records. Which THREE considerations are critical for handling authentication securely? (Choose three.)
Enable credential monitoring in the Security Operations Center
Configure the external system to authenticate ServiceNow requests
Store credentials in the ServiceNow Credential Store instead of scripts
The Credential Store encrypts and manages secrets, reducing exposure.
Use OAuth2.0 with refresh tokens for long-lived access
Refresh tokens allow secure renewal without storing long-lived secrets.
Ensure the REST endpoint uses HTTPS
HTTPS encrypts data in transit, preventing interception.
Want more Integrating and managing application data practice?
Practice this domainA developer writes a business rule to run on 'before' update of the Incident table. The rule sets a short description only if it is empty. However, the short description is never set even when it's empty. What is the most likely cause?
The developer used gs.setValue() instead of current.setValue().
gs.setValue() is not a valid method; current.setValue() must be used to set field values in business rules.
The business rule runs after the database update.
The condition 'short_description IS EMPTY' is evaluated on the old value.
The business rule is set to run on insert only.
A company needs to automatically update the 'Assignment group' field on the Change Request table to 'Change Management' when the 'Category' field is set to 'Network'. Which type of business rule should be used?
Display business rule
Async business rule
After business rule
Before business rule
Before rules run before the database write and can set field values that will be saved.
A developer creates a business rule on the Incident table that executes a GlideRecord query to update related records. The rule runs on 'after' update and queries the Problem table to set a field. However, the update is not being committed. What is the most likely reason?
The developer forgot to use gr.insert() instead of gr.update().
The GlideRecord query requires an explicit gr.updateMultiple() or gr.commit() to persist changes.
When updating multiple records, gr.updateMultiple() is needed to commit all changes at once.
After business rules cannot update other tables.
The query returns more than 100 records, causing a governor limit.
A developer needs to create a business rule that runs only when the 'State' field of an Incident changes from 'New' to 'In Progress'. Which condition script should be used?
current.state.changes() && current.state.changesFrom('New')
This correctly checks that the state changed and the previous value was 'New'.
current.state == 'New' && current.state.changesTo('In Progress')
current.state.changes() && previous.state == 'New'
current.state.changesTo('In Progress')
A company has a business rule on the Task table that runs on 'before' insert. The rule uses current.gotoField('short_description') and current.setValue('short_description', 'Default'). The rule is ordered to run at 500. However, a second business rule on the same table with order 100 also sets the short_description. What will be the final value of short_description?
'Default'
The rule with order 500 runs last and sets the value to 'Default'.
Both values will be concatenated
The value set by the rule at order 100
The field will be empty because gotoField() clears it
Which TWO of the following are valid ways to trigger a business rule? (Choose two.)
Form load
Insert
Business rules can run on insert.
Timer event
Update
Business rules can run on update.
Inbound email receipt
Want more Automating application logic with business rules and scripts practice?
Practice this domainA developer is creating a custom application in ServiceNow Studio and wants to ensure that the application can be easily installed in other instances without conflicts. Which approach should the developer follow?
Develop the application in global scope and manually copy components to target instances.
Use the 'Application' module in the navigator to create a new application without scope.
Create the application with a unique scope prefix in Studio and export as a scoped application.
Scoped applications provide isolation and easy distribution.
Create the application in the global scope and use update sets for distribution.
A developer needs to add a new table to an existing scoped application in ServiceNow Studio. What is the correct sequence of steps?
Open Studio, select the application, click 'Create Application File', choose 'Table', and define the table.
This is the standard method to add a table to a scoped application in Studio.
Navigate to 'Tables' module, create a new table, and then assign it to the application.
Open Studio, select the application, navigate to 'System Definition' > 'Tables' and create the table.
Open Studio, go to 'Application Files', click 'New', select 'Table' and configure.
A developer is troubleshooting a business rule in a scoped application that is not triggering. The rule is set to run 'before' query, with condition 'current.state == 1'. The table has read ACLs that restrict access. What is the most likely reason the business rule is not executing?
The condition 'current.state == 1' is incorrect syntax.
Another business rule with higher order is preventing execution.
The user does not have read access to the records, so the query does not execute the rule.
Before query rules run only if the user can access the records.
The business rule is scoped and cannot access the table.
A developer wants to use ServiceNow Studio to create a client script that runs when a form loads and sets a field value based on the current user's department. Which type of client script should be used?
onLoad client script
onLoad runs when the form is opened.
onChange client script
onSubmit client script
onCellEdit client script
A developer is building a custom application that requires a scheduled job to run every hour and check for overdue tasks. In ServiceNow Studio, what is the best way to implement this?
Set up a REST API endpoint that external cron jobs call every hour.
Create a Business Rule that runs on 'after' insert and update to check for overdue tasks.
Use Flow Designer to create a scheduled flow that runs every hour.
Create a Scheduled Job in Studio that runs every hour and executes a script to check overdue tasks.
Scheduled Jobs are designed for periodic execution.
A developer is creating a scoped application and needs to reference a global table (e.g., 'sys_user') from a business rule. Which TWO statements are true regarding cross-scope access?
Scoped applications can create records in global tables via GlideRecord without restrictions.
Scoped applications can call global script includes by default.
To write to a global table, the application must be granted the 'global' scope or have appropriate ACLs.
Writing requires explicit permission.
Scoped applications can update global tables without any additional configuration.
Scoped applications can read global tables using the 'global.' prefix.
Reading global tables is allowed by default.
Want more Application development using ServiceNow Studio practice?
Practice this domainA developer is creating a custom table for tracking hardware assets. The table must have fields for asset tag, serial number, and purchase date. The developer wants to ensure that the asset tag is automatically generated using a prefix followed by an incrementing number. Which approach should the developer use?
Use a calculated value that dot-walks to a number table
Set the default value of the asset tag field to 'AST-' + sys_id
Create a business rule that calculates the asset tag using a script that increments a counter
A business rule can generate a unique, incrementing asset tag.
Configure a dictionary override on the asset tag field to auto-generate
An organization has a custom table 'u_incident_task' that extends 'task'. They need to allow users to create records in this table from the 'Incidents' module. The 'u_incident_task' table should appear as a related list on the incident form. However, the related list is not showing the 'New' button. What is the most likely cause?
There is no reference field on 'u_incident_task' pointing to the incident table
A reference field is needed to associate records and enable creation.
The table is in a different application scope
The table does not extend 'incident'
The user does not have the required role
A developer needs to create a new table to store custom survey responses. The table should have a field to store the survey name and a field to store the response text. The developer wants to ensure that the table is available in the 'Surveys' application module. Which property must be set on the table?
Application scope
Table name
Table label
Application module
This defines the module where the table appears.
A developer is working with a custom table 'u_project_task' that has a reference field 'u_project' pointing to the 'project' table. The developer wants to create a new field 'u_category' that lists values from a choice list, but the list should be filtered based on the value of 'u_project.u_type'. Which field type should be used?
Choice field with a dependent choice list
Dependent choice lists allow filtering based on a parent field.
Choice field with a static choice list
Calculated value using a script
Reference field to a table of categories
A company has a custom table 'u_employee' with fields: 'first_name', 'last_name', 'department'. They want to create a unique index on the combination of 'last_name' and 'department' to prevent duplicate entries. Where should this index be defined?
In the table schema map
In the table's dictionary record via the Indexes related list
Indexes are added to the table's dictionary.
In the dictionary entry for each field
In the sys_dictionary table directly
A developer needs to create a new table that will store confidential employee feedback. The table must have the following characteristics: (1) Only authorized HR users can read the records. (2) The table should use the 'task' model to leverage assignment and state fields. (3) The table should be accessible via web services for integration. Which TWO actions are required to meet these requirements?
Set the 'table' access policy to 'Internal'
Extend the 'incident' table instead of 'task'
Enable the 'Allow web service access' property on the table
Extend the 'task' table
Task provides assignment and state fields.
Create ACLs on the table to restrict read access to HR users
ACLs enforce record-level security.
Want more Creating and customizing tables and data practice?
Practice this domainA ServiceNow developer is designing a portal for end users to submit requests. The requirements state that users should be able to track the status of their requests and receive notifications when the status changes. Which combination of ServiceNow features best meets these requirements?
Service Portal and Access Controls (ACLs)
Service Portal and Catalog Client Scripts
Service Portal and Notifications
Service Portal provides the interface; Notifications send status updates.
Service Portal and UI Policies
A developer is troubleshooting a Service Portal widget that loads slowly. The widget uses a server script that queries a large table without any filters. Which design change would most improve performance?
Add client-side caching using $scope
Load the widget using ng-if instead of ng-show
Create a custom table with only required fields
Add a filter condition in the GlideRecord query
Filtering reduces the result set, improving query performance.
A developer needs to create a field on the Incident form that shows a red background when the priority is 'Critical'. Which feature should be used?
UI Policy
UI Policies can change field attributes like style based on conditions.
Business Rule
Access Control (ACL)
Client Script
A Service Portal widget displays a list of catalog items. Each catalog item should link to a record producer that opens in a modal dialog. Which approach should the developer use to open the modal?
Use $scope.$broadcast to trigger a modal event
Use spModal.open with the record producer sys_id
Use $uibModal.open to create a modal with a custom template
$uibModal is the Angular UI Bootstrap service for modals.
Use window.open to open the record producer URL
A developer is designing a custom application with a table that stores sensitive employee data. The requirement is that only managers can view records where they are the manager of the employee. Which two configurations are needed to implement this requirement?
Use a UI Policy to set fields to read-only or invisible for non-managers
UI Policies can set field attributes like visible or read-only based on conditions.
Create an ACL with a condition script that checks if the logged-in user is the manager of the record's employee
ACLs control read access based on conditions.
Create a new view that excludes sensitive fields
Create a Business Rule that deletes records if the user is not the manager
Use a Client Script to hide fields if the user is not the manager
Which three elements are required to create a Service Portal widget that displays data from a table?
A widget dependency
An HTML template
Defines the widget's user interface.
A server script (Server-side script)
Fetches data from the database.
A CSS stylesheet
A client controller (AngularJS)
Manages client-side logic and data binding.
Want more Designing interfaces and user experiences practice?
Practice this domainA company has a custom table 'u_asset' with a reference field 'u_location' pointing to 'cmn_location'. When a user changes the location on an asset record, the system must automatically update the location on all related 'u_asset_software' records. Which approach should the developer use?
Create a Client Script that runs on load to update related records.
Create an ACL to automatically propagate changes.
Create a Business Rule that runs on update of the 'u_asset' table and updates related records.
Business Rules run server-side and can update related records.
Create a UI Policy that sets the location field on related records.
A developer needs to create a new application scope. Which of the following is a best practice when defining the scope?
Set the scope to 'Protected' to prevent other applications from modifying its records.
Protected scope prevents unauthorized modifications.
Use the global scope to avoid access restrictions.
Use a scope name that is already in use to leverage existing configurations.
Create the scope and later change the name if needed.
A developer wants to send an email notification when a new incident is created. Which component should be configured to trigger the notification?
Use Flow Designer to create a flow that sends an email.
Write a Business Rule that calls the email utility.
Create a Notification record with the condition 'New' and 'Action: record inserted'.
Notifications are the standard way to send emails on record events.
Create an ACL with email action.
An application has a custom table 'u_project' with a field 'u_status' (choice list: Not Started, In Progress, Completed). The developer wants to prevent any update to the record if the status is 'Completed'. Which approach should be used?
Create a Database View that filters out Completed records.
Create a Client Script that sets the field to read-only when status is Completed.
Create a Business Rule with condition 'current.u_status.changesTo("Completed")' and set 'current.setAbortAction(true)' in the script.
Business Rules can abort actions before they occur.
Create a UI Policy to disable the entire form when status is Completed.
A developer is creating a catalog item that requires a user to upload a file. Which variable type should be used?
Attachment
Attachment variable type allows file uploads.
Multi Line Text
Single Line Text
Checkbox
A company has a custom table 'u_incident_task' that extends 'task'. The developer wants to add a field 'u_approval' that is a reference to 'sysapproval_approver'. Which method is the correct way to create this field?
Create a 'List' field type and set the table to sysapproval_approver.
Create a 'Reference' field and set the reference table to 'sysapproval_approver'.
This creates a proper reference to the sysapproval_approver table.
Create a 'Reference' field and set the table to 'task' and the reference field to 'sysapproval_approver'.
Create a 'Choice' field and populate it with sysapproval_approver values.
Want more Core Application Development practice?
Practice this domainA developer is asked to add a custom button to the Service Portal form for the 'incident' table. The button should trigger a client script that displays a confirmation dialog before submitting the form. Which approach should the developer use?
Create a UI Policy on the incident table with a client script that shows the button conditionally.
UI Policy can conditionally display UI elements and run client scripts.
Create an Access Control Rule (ACL) on the incident table and attach a client script.
Create a Business Rule on the incident table that injects a button via server-side code.
Create a UI Action on the incident table with a client script and set the 'Show insert' condition.
A Service Portal widget is failing to update a reference field on a form after a user selects a value from a reference picker. The developer reviews the widget's client controller and sees the following code snippet: $scope.c.data.selectedItem = value; The server script expects 'selectedItem' to be a sys_id string, but it is receiving an object. What is the most likely cause?
The server script expects the parameter in a different scope variable, like $scope.c.data.item.
The $scope.c.data assignment is incorrect; it should be $scope.data.
The client controller is not allowed to set $scope.c variables.
The reference field returns an object with 'value' and 'display' properties; the code should extract the sys_id.
Reference fields return an object; the sys_id is typically in value or sys_id property.
When configuring a Service Portal page, a developer wants to ensure that a specific widget appears only to users with the 'itil' role. Which approach should be used?
Pass a role check from the server script to the client controller via widget options.
Write an Access Control Rule (ACL) on the widget's table to restrict access.
Set the 'Roles' property on the widget instance within the page designer.
The Roles property restricts widget visibility to specified roles.
Create a UI Policy on the portal table that hides the widget based on user roles.
A developer is designing a custom form in the standard UI (UI16) and needs to add a message that displays only when the 'state' field is 'Closed'. Which feature should be used to achieve this without custom scripting?
Create a UI Policy that adds a message when the condition state=Closed is true.
UI Policies can conditionally display messages without scripting.
Create a form section and set its condition via the 'Conditional' property.
Write a Client Script that shows a message when state changes to Closed.
Use a UI Macro with a condition that checks the state field.
A Service Portal widget is not updating data on the page after the user clicks a button that calls a server-side function. The client controller uses $scope.server.get() to call the server. The server script updates a global variable in glideRecord and returns it. However, the widget view does not reflect the change. What is the most likely issue?
The widget template is not bound to the correct scope variable.
The client controller should use $scope.server.update() instead of $scope.server.get().
The client controller is not handling the promise returned by $scope.server.get(); the scope update should be inside the success callback.
The async call returns a promise; scope must be updated after resolution.
The server script is not allowed to modify data from a widget server script.
Which TWO of the following are valid ways to customize the Service Portal login page?
Create a new widget instance on the 'loginpage' widget slot.
Override the 'Login' page in the portal record by creating a new page and setting it as the login page.
You can create a custom page and set it as the login page.
Add a widget option to the login widget to inject custom CSS.
Use CSS variables in the portal's theme (SCSS) to style the login page elements.
The portal theme can override CSS variables affecting the login page.
Set the 'login.css' property in sys_properties to a custom stylesheet URL.
Want more User Interface Development practice?
Practice this domainThe SNOW-CAD exam has 60 questions and must be completed in 90 minutes. The passing score is 700/1000.
Scenario-based questions covering exam objectives with detailed answer explanations.
The exam covers 9 domains: Working with Data, Platform Features and Integration, Integrating and managing application data, Automating application logic with business rules and scripts, Application development using ServiceNow Studio, Creating and customizing tables and data, Designing interfaces and user experiences, Core Application Development, User Interface Development. Questions are weighted by domain — higher-weight domains appear more on your actual exam.
No. These are original exam-style practice questions written against the official ServiceNow SNOW-CAD exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.