ServiceNow Certified Application Developer CAD (SNOW-CAD) — Questions 376450

500 questions total · 7pages · All types, answers revealed

Page 5

Page 6 of 7

Page 7
376
MCQmedium

A company has a business rule that runs on update of the Incident table. The rule sets the caller_id field to the sys_id of the user who last modified the record. However, the rule does not fire when an update is made via web services. What is the most likely cause?

A.The business rule's 'When' field is set to 'UI action only' which excludes web service updates.
B.The business rule is inactive.
C.Business rules never run when updates are made via web services.
D.The business rule's condition is 'current.operation() == 'update'' but the web service uses a different operation.
AnswerA

This is correct because the 'UI action only' setting limits the rule to UI-triggered updates.

Why this answer

Option A is correct because business rules can be configured to run on UI actions only, which excludes web service updates. Option B is incorrect because the condition 'current.operation() == 'update'' is typically used correctly. Option C is incorrect because web services do trigger business rules unless explicitly excluded.

Option D is incorrect because an inactive rule would never run.

377
Drag & Dropmedium

Drag and drop the steps to create an ACL (Access Control List) in ServiceNow into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

The sequence: navigate to ACLs, create new, define type/operation/name, set condition, and submit.

378
Matchingmedium

Match each ServiceNow portal widget property to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Runs on the client browser

Runs on the server during rendering

Defines the widget's HTML structure

Styles the widget

Defines widget dependencies on other widgets

Why these pairings

Widgets have several properties that define their behavior.

379
MCQmedium

The UI Policy has a 'Reverse if false' checkbox unchecked. When will the UI Policy's actions (such as setting a field mandatory) be applied?

A.When any user accesses a record interactively.
B.When any user accesses a record via any method.
C.When a user with the 'admin' role accesses a record via web services.
D.When a user with the 'admin' role accesses a record interactively (e.g., via the browser).
AnswerD

Both conditions must be true: admin role and interactive session.

Why this answer

Option D is correct because the 'Reverse if false' checkbox being unchecked means the UI Policy's conditions are evaluated only on interactive form loads (browser access), and the actions apply when the conditions are true. For non-admin users, UI Policies with 'Reverse if false' unchecked apply only when conditions are met during interactive access; however, the question specifies the checkbox is unchecked, and the correct answer highlights that admin users accessing records interactively trigger the policy's actions when conditions are true, as UI Policies do not run for web services or background operations unless explicitly configured.

Exam trap

The trap here is that candidates confuse UI Policies with business rules, assuming they run for all access methods (including web services), or they forget that admin users have special handling where UI Policies still execute but may not enforce mandatory/read-only constraints, leading them to pick 'any user' or 'via any method' options.

How to eliminate wrong answers

Option A is wrong because UI Policies do not apply to 'any user' interactively; they are role-sensitive and can be scoped to specific conditions, and the 'Reverse if false' checkbox being unchecked does not change that the policy only runs for interactive access, but the statement is too broad and ignores that admin users have special behavior (e.g., UI Policies with 'Reverse if false' unchecked still apply to admins interactively). Option B is wrong because UI Policies do not apply 'via any method'—they are specifically designed for interactive (browser) form loads and do not run for web services, background scripts, or REST/SOAP API calls. Option C is wrong because UI Policies are never evaluated during web service access, regardless of the user's role; web services use business rules or scripted REST APIs, not UI Policies.

380
MCQeasy

A ServiceNow developer is creating a new scoped application in Studio to manage IT asset lifecycle. They want to ensure the application is easily identifiable and follows best practices. What should the developer set for the application's name and scope fields?

A.Name: 'IT Asset Lifecycle', Scope: 'x_snc_it_asset_lifecycle'
B.Name: 'ITAM', Scope: 'global'
C.Name: 'Asset Management', Scope: 'x_'
D.Name: 'IT Asset Management', Scope: 'x_snc_itam'
AnswerD

Correct: follows best practices with unique prefix and descriptive name.

Why this answer

Option D is correct because scoped applications in ServiceNow must have a unique scope starting with 'x_' followed by a prefix (often the company acronym, e.g., 'snc') and a meaningful name. The name 'IT Asset Management' is descriptive and follows best practices, while the scope 'x_snc_itam' is properly formatted with the company prefix and a concise identifier, ensuring uniqueness and easy identification in the instance.

Exam trap

The trap here is that candidates often choose a scope that is too long or improperly formatted (like 'x_snc_it_asset_lifecycle') thinking it must match the application name exactly, or they mistakenly believe 'global' can be used for scoped apps, failing to recognize that scoped apps require a unique 'x_' scope.

How to eliminate wrong answers

Option A is wrong because the scope 'x_snc_it_asset_lifecycle' is too long and contains underscores that may cause readability issues; ServiceNow best practices recommend keeping scope names concise (e.g., using an acronym like 'itam') while the name can be descriptive. Option B is wrong because the scope 'global' is reserved for global applications and cannot be used for a scoped application; scoped applications require a custom scope starting with 'x_'. Option C is wrong because the scope 'x_' is incomplete and invalid—it must include a company prefix and a meaningful identifier (e.g., 'x_snc_itam'); a bare 'x_' does not provide uniqueness and will cause conflicts.

381
MCQhard

A company has a custom table 'project_task' with a reference field to 'project'. The requirement is to ensure that only users in a specific group can select projects in a certain state. Which approach provides the most secure and maintainable solution?

A.Use a reference qualifier on the project field that checks user group and project state.
B.Use a data policy with a condition to restrict the reference field.
C.Use a security rule to prevent selection of certain projects.
D.Use a business rule to check group membership on insert/update.
AnswerA

Reference qualifiers filter the available records in the picker, providing immediate feedback.

Why this answer

Option C is correct because reference qualifiers are the standard way to filter available options in a reference field. Option A (business rule) would allow selection then reject, which is not user-friendly. Option B (data policy) can enforce on submit but does not filter the picker.

Option D (security rule) is for access control, not field-level filtering.

382
Multi-Selecteasy

Which TWO conditions can be used as triggers for a UI Policy to set a field as mandatory? (Choose two.)

Select 2 answers
A.A record is submitted
B.A specific field value changes
C.The form is loaded
D.An ACL evaluates to false
E.The user has a specific role
AnswersB, C

On change conditions are common for UI Policies.

Why this answer

UI Policies can be triggered by changes to a specific field value or when the form is loaded. ACLs and user roles are not triggers for UI Policies.

383
MCQhard

Refer to the exhibit. What is the primary issue with this script if it is intended to update all incidents in state 'New' (state=1) to priority 2?

A.The script will not update any records because of a syntax error in setValue.
B.The script will update only the first record because next() is used incorrectly.
C.The script will cause an infinite loop.
D.The script will update records but may cause performance issues.
AnswerC

Updating the same record while iterating over it can trigger conditions that requery the record, leading to an infinite loop.

Why this answer

Option A is correct. Using gr.update() inside the while loop on the same GlideRecord object can cause an infinite loop if any business rule or trigger re-queries the same record set. This is a known anti-pattern.

Option B is incorrect because setValue syntax is fine. Option C is partially true but not the primary issue. Option D is incorrect because next() iterates correctly.

384
MCQhard

A mid-sized company heavily relies on ServiceNow for incident management. They have a business rule that runs before insert on the Incident table. The rule dynamically sets the assignment group based on the category of the incident and the location of the caller. To determine the correct group, the script performs a GlideRecord query against a custom table called "u_group_mapping", which contains approximately 5000 records mapping category-location pairs to groups. During peak business hours, when many incidents are created simultaneously, the business rule causes significant delays and occasional timeouts, impacting user experience. The development team has been tasked with optimizing this business rule without changing its functionality. The current script structure is roughly: (function executeRule(current, previous) { var gr = new GlideRecord('u_group_mapping'); gr.addQuery('category', current.category); gr.addQuery('location', current.caller_id.location); gr.query(); if (gr.next()) { current.assignment_group = gr.assignment_group; } })(current, previous); The team wants to reduce the database access overhead. Which optimization technique should the developer implement?

A.Use GlideAggregate to retrieve the count of matching groups
B.Store the mapping in a global script include variable that persists across sessions
C.Create a script include with a static variable to cache the mapping for the duration of the current transaction
D.Move the business rule to run after insert so it does not block the insert
AnswerC

This caches the query results within the same request, reducing database calls.

Why this answer

Option C is correct because caching the mapping data in a static variable within a script include ensures that the GlideRecord query against the 5000-record custom table is executed only once per transaction, rather than on every incident creation. This drastically reduces database access overhead during peak hours, as subsequent invocations of the business rule within the same transaction reuse the cached results, eliminating redundant queries and preventing timeouts.

Exam trap

The trap here is that candidates often confuse caching across sessions (Option B) with caching within a transaction (Option C), mistakenly thinking a global variable is more efficient, but ServiceNow’s architecture requires transaction-scoped caching to avoid stale data and concurrency conflicts.

How to eliminate wrong answers

Option A is wrong because using GlideAggregate to count matching groups does not retrieve the actual assignment group value; it only returns a count, which is useless for setting the assignment group and still requires a separate query to fetch the group. Option B is wrong because storing the mapping in a global script include variable that persists across sessions would introduce concurrency issues and stale data, as the mapping could change between sessions and the variable would not be automatically refreshed, leading to incorrect assignments. Option D is wrong because moving the business rule to run after insert does not reduce database access overhead; it merely shifts the timing, and the same GlideRecord query would still execute, potentially causing delays in post-insert processing and still impacting user experience if the insert itself is blocked by synchronous operations.

385
Multi-Selectmedium

Which TWO of the following are valid methods to create a custom table in ServiceNow?

Select 2 answers
A.Using a client script to create a table on the fly.
B.Importing a CSV file via Import Set and selecting 'Create table automatically'.
C.By updating the 'sys_db_object' table directly with a new entry.
D.Using the 'Create Table' module in System Definition.
E.Using a database view to combine existing tables and then creating a table from the view.
AnswersB, D

Import Sets can create tables if the import set table does not exist.

Why this answer

Options A and C are correct. Creating a table via the 'Create Table' module and using a database view are both valid. Option B is wrong because importing data into an existing table does not create a new table; use 'Import Set Row' to create table automatically is possible but not a direct method.

Option D is wrong because a client script cannot create a table. Option E is wrong because updating a dictionary entry does not create a table.

386
MCQhard

A large enterprise is implementing a Service Portal for employees to request IT equipment. The portal must be accessible globally, with users in Europe, Asia, and the Americas. The development team has created a custom widget that displays the user's local time based on their location. The widget uses a server script that calls a third-party geolocation API to determine the user's timezone based on their IP address. However, during peak hours, the widget takes over 10 seconds to load, causing poor user experience. The team also notices that the same timezone is fetched repeatedly for the same user across different sessions. The portal uses a CDN for static assets. Which approach should the developer take to reduce the load time while maintaining accuracy?

A.Implement asynchronous loading of the widget so the page loads without waiting for the timezone
B.Use client-side JavaScript to detect the timezone from the browser's Intl API instead of server-side API call
C.Move the geolocation API call to a business rule that runs once per user
D.Cache the timezone result in a user preference or session storage after the first request
AnswerD

Caching avoids repeated API calls and significantly reduces load time for subsequent requests.

Why this answer

Option D is correct because caching the timezone result in a user preference or session storage eliminates redundant API calls for the same user across sessions. This directly reduces load time by avoiding the 10-second geolocation API call on subsequent requests, while maintaining accuracy since the user's IP-based timezone is unlikely to change frequently. In ServiceNow, storing this data in a user preference (e.g., `sys_user_preference`) or session storage ensures persistence without repeated server-side processing.

Exam trap

ServiceNow often tests the misconception that client-side JavaScript (Intl API) is a drop-in replacement for server-side geolocation, but the trap here is that the Intl API returns the browser's configured timezone, not the user's actual geographic location, which fails the accuracy requirement for a globally accessible portal.

How to eliminate wrong answers

Option A is wrong because asynchronous loading only hides the delay from the user but does not reduce the actual 10-second API call time; the widget still takes that long to render, potentially causing partial page loads or race conditions. Option B is wrong because the browser's Intl API returns the client's local timezone based on system settings, not the user's geographic location; this could be inaccurate if the user is traveling or using a VPN, and it does not align with the requirement to determine timezone from IP address. Option C is wrong because a business rule runs on the server during record operations (e.g., insert/update), not on portal page load; it cannot be triggered per user session for a widget and would not solve the repeated API call issue for the same user across sessions.

387
MCQeasy

An administrator sees that a client script on a catalog item is not firing. The script is defined in the catalog item's 'Variable Editor' as a 'onSubmit' script. Which is the most likely reason?

A.The script is set to run on 'onLoad', but the page is being cached
B.The script is defined on a variable, but the variable is not on the order form
C.The script is written as a 'Catalog Client Script' but is defined in the 'Variable Editor' of the variable
D.The script uses 'g_form' but the form is not loaded yet
AnswerC

Correct; client scripts for catalog items must be defined in the Catalog Client Scripts related list, not inside a variable definition.

Why this answer

Option C is correct because the scenario describes a script defined in the catalog item's 'Variable Editor' as an 'onSubmit' script, which is a variable-level script. However, the question states the script is not firing. The most likely reason is that the script was written as a 'Catalog Client Script' (a global script type) but was incorrectly placed in the 'Variable Editor' of a variable.

Variable-level scripts in the Variable Editor are executed only when that specific variable is present on the form; if the script is actually a Catalog Client Script (which runs on the entire catalog item), it would not execute as expected because it is scoped to the variable, not the item. This mismatch between the intended script type and its location causes the script to fail to fire.

Exam trap

The trap here is that candidates confuse the scope of variable-level scripts (defined in the Variable Editor) with item-level Catalog Client Scripts, assuming any script placed in the Variable Editor will run globally for the catalog item.

How to eliminate wrong answers

Option A is wrong because an 'onSubmit' script fires on form submission, not on page load; caching affects 'onLoad' scripts, not 'onSubmit' scripts. Option B is wrong because if a script is defined on a variable but that variable is not on the order form, the script simply does not execute—it does not cause a 'not firing' issue; the script is correctly scoped but absent. Option D is wrong because 'g_form' is available as soon as the form is loaded, and an 'onSubmit' script runs after the form is fully loaded, so 'g_form' is always accessible at that point.

388
MCQmedium

A company needs to retrieve all active users whose department is 'Sales' and who have a manager assigned. They are using GlideRecord. Which script will correctly accomplish this?

A.var gr = new GlideRecord('sys_user'); gr.addQuery('active', true); gr.addQuery('department', 'Sales'); gr.addQuery('manager', 'ISNOTEMPTY'); var rows = gr.getRow();
B.var gr = new GlideRecord('sys_user'); gr.addQuery('active', true); gr.addQuery('department', 'Sales'); gr.addQuery('manager', 'ISNOTEMPTY'); gr.query();
C.var gr = new GlideRecord('sys_user'); gr.addQuery('active', true); gr.addQuery('department', 'Sales'); gr.query();
D.var gr = new GlideRecord('sys_user'); gr.get('active', true); gr.get('department', 'Sales'); gr.get('manager', 'ISNOTEMPTY');
AnswerB

Correctly uses addQuery with ISNOTEMPTY for manager.

Why this answer

Option A is correct because it uses addQuery for both conditions and uses 'ISNOTEMPTY' for the manager field. Option B is wrong because get() only retrieves one record. Option C is wrong because it lacks a condition for manager.

Option D is wrong because it uses getRow() which is not a GlideRecord method.

389
MCQhard

A Service Portal widget uses an AngularJS controller that directly modifies the DOM using jQuery inside the controller. After a platform upgrade, the widget stops working properly. What is the most likely reason?

A.jQuery is no longer allowed
B.Direct DOM manipulation conflicts with AngularJS digest cycles
C.The widget's controller syntax changed
D.AngularJS was completely removed from the platform
AnswerB

Correct: After an upgrade, digest cycles may behave differently, causing DOM changes to be overwritten.

Why this answer

Service Portal's AngularJS-based architecture is moving away from direct DOM manipulation. The correct approach is to use AngularJS data binding. The upgrade may have changed the order of digest cycles, causing inconsistencies.

390
MCQeasy

A ServiceNow instance needs to synchronize data with an external SQL database nightly. Which integration method is most appropriate?

A.Use a REST API exposed by the external database.
B.Use a MID Server with a JDBC data source.
C.Use a SOAP web service with a MID Server.
D.Use an email-based integration to send CSV files.
AnswerB

JDBC provides direct database connectivity through the MID Server.

Why this answer

A MID Server with a JDBC data source is the most appropriate method for nightly batch synchronization with an external SQL database because JDBC provides a direct, efficient, and secure database-level connection without requiring the external database to expose a web service or API. The MID Server acts as a secure proxy, allowing the ServiceNow instance to execute SQL queries against the external database over a persistent, encrypted connection, which is ideal for scheduled bulk data transfers.

Exam trap

The trap here is that candidates often assume REST APIs are the universal integration method, but for direct SQL database synchronization, JDBC via a MID Server is the native and most efficient approach, while REST would require an additional middleware layer that the external database likely does not provide.

How to eliminate wrong answers

Option A is wrong because using a REST API exposed by the external database would require the database to have a custom REST layer, which is not a standard feature of most SQL databases and adds unnecessary complexity and overhead for a simple nightly batch sync; REST APIs are better suited for real-time, granular operations. Option C is wrong because a SOAP web service with a MID Server is over-engineered for this scenario—SOAP is heavyweight, requires WSDL definitions, and is typically used for complex transactional integrations, not for straightforward nightly SQL data pulls. Option D is wrong because an email-based integration sending CSV files is unreliable for scheduled data synchronization due to lack of guaranteed delivery, file size limits, and no built-in error handling or retry mechanisms, making it unsuitable for production data syncs.

391
MCQeasy

In a transform map, a field mapping uses the condition 'if target field is empty'. What does this mean?

A.Only maps if both source and target are empty
B.Always maps regardless
C.Only maps if target field is empty
D.Only maps if source field is empty
AnswerC

That is the 'if target field is empty' condition.

Why this answer

Option B is correct: it maps only when the target field is empty. Option A is wrong because it checks target, not source. Option C is wrong because it is conditional.

Option D is wrong because it checks only target.

392
MCQeasy

In ServiceNow Studio, which role is required to create a new scoped application?

A.A global scope update set
B.No special role; any user can create applications
C.Application Creator role
D.Admin role
AnswerD

Admin role is required.

Why this answer

Option B is correct because creating scoped applications requires the admin role. Option A is incorrect as Application Creator is not a standard role. Option C is incorrect; not all users can create applications.

Option D is incorrect because global scope update sets are not required.

393
MCQhard

A company has implemented a custom application for tracking employee training. The application uses a custom table 'u_training' with fields: u_employee (reference to sys_user), u_course (string), u_completion_date (date), and u_status (choice: Not Started, In Progress, Completed). The application has a Business Rule that runs after insert and after update. The rule should send an email notification to the employee when the status changes to 'Completed'. However, the email is not being sent. The developer has verified that the notification record exists and is active. The Business Rule script uses the 'gs.eventQueue' method to trigger a custom event. The event is registered and the notification is configured to be triggered by that event. What is the most likely cause of the issue?

A.The event name is misspelled in the gs.eventQueue call.
B.The Business Rule does not have a condition to check if the status changed to 'Completed'.
C.The notification is set to 'Inactive'.
D.The employee's email address is not set in sys_user.
AnswerB

Without a condition, the event is fired on every insert and update, but the notification may have a condition that checks status. However, the likely issue is that the rule fires on all updates, but the notification condition might not be met. More precisely, the rule should fire only when status changes to Completed.

Why this answer

Option B is correct because the Business Rule lacks a condition to verify that the status field actually changed to 'Completed'. Without a condition like `current.u_status.changesTo('Completed')`, the rule fires on every insert and update, calling `gs.eventQueue` even when the status hasn't changed. This means the event is triggered unnecessarily, but more critically, the notification may not fire because the event is not scoped to the specific state transition.

The developer verified the notification record is active, so the missing condition is the most likely root cause.

Exam trap

The trap here is that candidates assume the Business Rule will always fire the event, overlooking the need for a condition to check the specific field change, which is a common oversight in ServiceNow development.

How to eliminate wrong answers

Option A is wrong because if the event name were misspelled in `gs.eventQueue`, the event would not fire at all, and the developer would likely see an error or no event in the system log; however, the question states the event is registered and the notification is configured, so a misspelling would be a basic mistake that would be caught early. Option C is wrong because the developer explicitly verified that the notification record exists and is active, so it cannot be set to 'Inactive'. Option D is wrong because while a missing email address would prevent delivery, the question focuses on the Business Rule logic; the email not being sent is due to the event not being triggered correctly, not a recipient configuration issue, and the developer would have checked the user record if that were the case.

394
MCQmedium

A ServiceNow administrator notices that a business rule designed to update the 'short_description' field on the 'incident' table is not executing when a user changes the field via a custom UI page that uses GlideRecord. The script in the business rule uses current.setValue() and current.update(). What is the most likely cause?

A.The 'short_description' field is read-only on the form.
B.The business rule is updating itself recursively and has been disabled.
C.The business rule is set to run on the server, but the custom UI page uses client-side GlideRecord which does not trigger server-side business rules.
D.The 'short_description' field is not in the business rule's 'Fields to update' list.
AnswerC

Client-side GlideRecord operations do not invoke server-side business rules; they go directly to the database without triggering 'after' update logic.

Why this answer

Option C is correct because client-side GlideRecord (g_form.getReference or direct GlideRecord in a UI page) runs entirely in the browser and does not trigger server-side business rules. Business rules execute only when a record is saved via server-side operations (e.g., form submit, web service, or server-side script). Since the custom UI page uses client-side GlideRecord, the update bypasses the business rule engine entirely.

Exam trap

The trap here is that candidates often assume any GlideRecord call triggers business rules, but client-side GlideRecord bypasses server-side execution, and the exam tests this specific distinction between client-side and server-side script execution contexts.

How to eliminate wrong answers

Option A is wrong because a read-only field on the form only prevents user input on that form; it does not prevent a business rule from updating the field via current.setValue() and current.update(). Option B is wrong because if the business rule were updating itself recursively, it would cause a loop and potentially be disabled by the system, but the question states the rule is not executing at all, not that it was disabled due to recursion. Option D is wrong because the 'Fields to update' list is not a property of business rules; business rules do not have a 'Fields to update' list—that concept applies to dictionary overrides or field-level security, not business rule execution.

395
MCQhard

A company has a requirement that the 'state' field of an incident cannot be changed from 'In Progress' to 'Resolved' if the 'category' field is empty. This validation must be enforced server-side to prevent data integrity issues. Which implementation should be used?

A.Make the 'category' field mandatory using a Data Policy.
B.Configure an ACL on the 'state' field to deny write access when category is empty.
C.Create a Client Script on 'state' change that checks if category is empty and shows an error message.
D.Create a 'before' Business Rule that checks if the state is changing to 'Resolved' and if category is empty, aborts the update with an error message.
AnswerD

Before Business Rules can prevent updates by returning false and setting error messages.

Why this answer

Option C is correct because a Business Rule with 'before' 'update' and a condition checking the change, then using gs.addErrorMessage() and returning false, will prevent the update server-side. Option A (Client Script) runs client-side and can be bypassed. Option B (ACL) controls read/write access, not specific value transitions.

Option D (Data Policy) makes category mandatory, which conflicts with existing records that might have empty category on other states.

396
MCQmedium

An administrator notices that a custom table called 'u_equipment' does not appear in the 'New Record' context menu of the application navigator. What is the most likely cause?

A.The table was not added to an application menu in the navigation module
B.The table is extended from a table that is not in the navigator
C.The table has a business rule that prevents new record creation
D.The 'Create new' option is inherited from the parent table
AnswerA

Custom tables must be added to an application menu (e.g., under a module) for them to appear in the navigator context menu for 'New Record'.

Why this answer

Option A is correct because application menus must be manually configured to include custom tables. Option B is wrong because tables under a module are independent. Option C is wrong because it's not inherited automatically.

Option D is wrong because scripts don't affect navigator menus.

397
MCQeasy

What is the effect of this business rule?

A.It will cause an error because assignment_group is a reference field.
B.It only runs when both caller and short description change.
C.It sets assignment_group to 'IT Support' every time the caller or short description changes.
D.It only sets assignment_group when the incident is first created.
AnswerC

Correct; the condition OR means either change triggers the script.

Why this answer

Option C is correct because the business rule is configured to trigger 'on change' for both the 'caller' and 'short description' fields. When either field changes, the rule sets the 'assignment_group' field to 'IT Support'. This is a typical use of a business rule to automatically assign incidents based on field updates.

Exam trap

The trap here is that candidates often confuse the condition logic (thinking 'changes to caller OR short description' means both must change) or assume reference fields cannot be set by business rules, leading them to pick option A or B.

How to eliminate wrong answers

Option A is wrong because assignment_group is a reference field, but business rules can set reference fields by specifying a sys_id or a name that resolves to a valid record; no error occurs as long as the value exists. Option B is wrong because the condition uses OR logic (either field changes), not AND; the rule runs when caller OR short description changes, not only when both change. Option D is wrong because the rule is not restricted to the 'on insert' event; it runs on updates as well, so it sets assignment_group whenever the specified fields change, not just on creation.

398
MCQmedium

A company has a Service Portal that includes a custom widget for submitting hardware requests. The widget has a client controller that calls a server script to create a new record in the 'hardware_request' table. Recently, users have reported that when they click the 'Submit' button, the widget sometimes does not show a success message, and the record is not created. The developer reviews the server script, which uses gs.log to log errors, and sees no errors in the logs. The client controller uses $scope.server.get() to call the server. The widget template uses ng-show='data.success' to display a success message. Based on this scenario, what is the most likely cause of the intermittent issue?

A.The server script fails due to a mandatory field not being provided, but the error is not logged.
B.The server script uses data.success = true; but the client controller does not read it.
C.The widget has a Client Script that conflicts with the server script.
D.The client controller does not handle the asynchronous response properly; the success message depends on the promise resolving before the user might navigate away or click again.
AnswerD

Asynchronous calls require proper handling of promises to update scope.

Why this answer

The client controller uses $scope.server.get() to make an asynchronous call to the server script. If the user clicks 'Submit' and then navigates away or clicks again before the promise resolves, the success message (ng-show='data.success') may never display because the $scope.data object is not updated in time. The server script logs no errors because it executes correctly, but the client-side asynchronous handling fails to capture the response, leading to the intermittent issue.

Exam trap

ServiceNow often tests the misconception that server-side errors are the only cause of missing success messages, but the trap here is that asynchronous client-side handling (promise resolution and digest cycles) can silently fail to update the UI even when the server executes correctly.

How to eliminate wrong answers

Option A is wrong because the server script uses gs.log to log errors, and the developer sees no errors in the logs, indicating that mandatory fields are likely provided and the script executes without failure. Option B is wrong because if the server script sets data.success = true, the client controller would read it via the $scope.server.get() response, which updates $scope.data; the issue is not that the client controller fails to read it, but that the response may not be processed due to asynchronous timing. Option C is wrong because there is no mention of a Client Script in the widget, and a conflicting Client Script would likely produce consistent errors or logs, not intermittent failures with no logged errors.

399
MCQeasy

In ServiceNow Studio, when developing a flow that requires a decision based on a record's category, which component should be used?

A.Action
B.Flow Logic
C.Trigger
D.Condition
AnswerD

Conditions evaluate expressions and allow branching based on the category.

Why this answer

Option A is correct because a Condition component is used to evaluate criteria and branch the flow. Action performs operations, Trigger initiates the flow, and Flow Logic is not a component.

400
MCQeasy

A developer needs to create a new table to store custom survey responses. The table should have a field to store the survey name and a field to store the response text. The developer wants to ensure that the table is available in the 'Surveys' application module. Which property must be set on the table?

A.Application scope
B.Table name
C.Table label
D.Application module
AnswerD

This defines the module where the table appears.

Why this answer

The Application module property determines which application module a table belongs to, making it visible and accessible within that module's scope. Setting this to 'Surveys' ensures the table appears in the Surveys application module, as required by the developer.

Exam trap

ServiceNow often tests the distinction between Application scope (which controls access and isolation) and Application module (which controls UI placement), leading candidates to confuse the two.

How to eliminate wrong answers

Option A is wrong because Application scope defines the application's namespace and access permissions, not the module where the table is displayed. Option B is wrong because the Table name is a unique identifier for the table but does not control its visibility in a specific application module. Option C is wrong because the Table label is a human-readable name shown in the UI, but it does not assign the table to a particular application module.

401
MCQmedium

A developer created the business rule shown in the exhibit to auto-generate asset tags. However, when a new asset is created, sometimes the generated tag is a duplicate of an existing tag. What is the most likely cause?

A.The condition '!current.u_asset_tag' fails when the field is empty
B.The script does not account for records with null asset tags
C.The script does not handle the scenario when no asset tag exists
D.The query uses 'CONTAINS' which may match unintended tags, and ordering by sys_created_on may not guarantee the highest number
AnswerD

CONTAINS can match multiple patterns, and ordering by creation time may not reflect the highest number.

Why this answer

Option D is correct because the script uses a glide query with 'CONTAINS' to find the highest existing asset tag number, which can match unintended tags (e.g., 'TAG-10' matching 'TAG-1001'), and ordering by 'sys_created_on' does not guarantee the highest numeric suffix. This leads to duplicate tags when the generated number is already in use but not detected as the maximum.

Exam trap

ServiceNow often tests the subtle flaw of using 'CONTAINS' for numeric suffix extraction, where candidates overlook that substring matching can return unintended records, and assume ordering by creation time is sufficient for determining the highest number.

How to eliminate wrong answers

Option A is wrong because the condition '!current.u_asset_tag' correctly evaluates to true when the field is empty (null or empty string), so it does not fail. Option B is wrong because the script explicitly checks for null/empty asset tags via the condition, so it does account for records with null asset tags. Option C is wrong because the script handles the scenario when no asset tag exists by generating a default tag (e.g., 'ASSET001'), so it does not fail in that case.

402
MCQhard

A team is using a SOAP web service integration. The response contains namespaced XML, and the script that parses it is not extracting values correctly. What is the most likely issue?

A.WSDL caching prevents updated endpoint
B.SOAP version mismatch between request and response
C.HTTP timeout during response retrieval
D.Missing or incorrect namespace prefix handling in the script
AnswerD

Namespaces must be resolved correctly to access elements.

Why this answer

Option B is correct: namespace prefix handling is critical in SOAP XML parsing. Option A is wrong because SOAP version is not the issue. Option C is wrong because WSDL caching might affect updating but not parsing.

Option D is wrong because timeout would cause a different error.

403
Multi-Selecteasy

Which THREE statements are true about database views in ServiceNow?

Select 3 answers
A.Database views can have fields from multiple tables
B.Database views can reference tables from different instances or databases
C.A database view can be used as a source for reports
D.Database views are read-only
E.Database views can be updated via business rules
AnswersA, C, D

Views can join multiple tables and include fields from each.

Why this answer

Options B, C, and E are correct. Database views are read-only (B), can be used as report sources (C), and can combine fields from multiple tables (E). Option A is false because views cannot reference external databases.

Option D is false because views are read-only and cannot be updated via business rules.

404
MCQmedium

What is the purpose of this script?

A.Delete resolved incidents.
B.Log all new incidents.
C.Update all open incidents.
D.Count the number of incident records.
AnswerB

Correct. It logs incident numbers for state=1 (New).

Why this answer

Option B is correct because 'state' 1 corresponds to 'New' status. The script logs all new incidents. Option A is wrong as it does not update.

Option C is wrong because it does not delete. Option D is wrong because it does not count.

405
MCQeasy

Which script function is used to query the database in a business rule?

A.GlideRecord.query();
B.new GlideRecord('table').query();
C.gs.query();
D.GlideRecord.newQuery();
AnswerB

Correct; this creates a GlideRecord object and queries the table.

Why this answer

Option B is correct because in ServiceNow, a business rule must instantiate a new GlideRecord object using the 'new' keyword and then call the query() method on that instance to retrieve records from the database. The syntax 'new GlideRecord('table').query()' properly creates a GlideRecord object for the specified table and executes the query to fetch matching records.

Exam trap

ServiceNow often tests the distinction between static class references and instance methods, so the trap here is that candidates mistakenly think 'GlideRecord.query()' is valid because they confuse it with other static utility classes like 'GlideSystem' or 'GlideAggregate', forgetting that GlideRecord requires instantiation with 'new'.

How to eliminate wrong answers

Option A is wrong because 'GlideRecord.query()' is a static call on the class itself, not on an instance; GlideRecord is not a static utility class and query() must be called on an instantiated object. Option C is wrong because 'gs.query()' is not a valid function; the 'gs' object (GlideSystem) provides methods like gs.getUser() or gs.log(), but does not have a query() method for database operations. Option D is wrong because 'GlideRecord.newQuery()' is not a valid method; GlideRecord has no static 'newQuery' method, and the correct approach is to use 'new GlideRecord()' followed by '.query()'.

406
Multi-Selecteasy

In ServiceNow Studio, which TWO elements can be created directly from the 'Create Application File' wizard? (Choose two.)

Select 2 answers
A.Flow
B.System Property
C.Update Set
D.Table
E.Business Rule
AnswersD, E

Tables are a common application file created in Studio.

Why this answer

Options A and D are correct. Tables and Business Rules are standard application files that can be created via the wizard. Update Sets (B) are not created as application files; they are containers for changes.

System Properties (C) and Flows (E) are created through other modules (e.g., sys_properties, Flow Designer).

407
Multi-Selecthard

Which three actions require a business rule to be set to 'before' to work correctly? (Choose three.)

Select 3 answers
A.Sending an email notification
B.Deleting a record related to the current record
C.Setting a default value on a new record
D.Updating a field on the current record
E.Aborting the current transaction
AnswersC, D, E

Correct; defaults must be set before the record is saved.

Why this answer

Options A, B, and D are correct. A: Aborting the transaction must happen before the database write. B: Setting a default value must happen before insert.

D: Updating a field on the current record is only possible in 'before' (in 'after' the record is already saved). C and E can be done in 'after' as well.

408
MCQmedium

A developer creates a Scheduled Job that runs daily and sends an email notification to a list of users. The job uses a Script Action to query the 'incident' table and sends an email if the count exceeds a threshold. However, the email is not being sent. What is the most likely cause?

A.The email notification is set to 'Inactive'.
B.The Scheduled Job is configured to run on a different schedule than expected.
C.The user who created the job does not have the 'email_send' role.
D.There is a script error in the Script Action that prevents the email from being sent.
AnswerD

A script error would cause the action to fail silently, and no email is sent.

Why this answer

Option D is correct because the most likely cause of the email not being sent is a script error in the Script Action. If the script encounters an error (e.g., a syntax error, a null reference, or a failed query), it will stop execution before reaching the email-sending logic, and the email will not be sent. Scheduled Jobs in ServiceNow execute scripts in a headless environment, and any unhandled exception will silently fail without sending the email.

Exam trap

The trap here is that candidates may assume the email notification's active state (Option A) is the cause, but the question specifies a Script Action directly sending the email, not a notification record, so the notification's state is irrelevant.

How to eliminate wrong answers

Option A is wrong because if the email notification were inactive, the Scheduled Job would still execute, but the notification record would not fire; however, the question states the email is not being sent, and the job uses a Script Action to send the email directly (likely via `gs.email.send()`), not via a notification record, so the notification's active state is irrelevant. Option B is wrong because if the job were running on a different schedule, it would still send the email when it does run; the issue is that the email is never sent, not that it runs at the wrong time. Option C is wrong because the `email_send` role is required to send email via `gs.email.send()` in a background script, but the Scheduled Job runs as the user who created it; if that user lacks the role, the script would throw a security exception, which is a script error, making D the more direct and likely cause.

409
MCQeasy

When configuring a Service Portal page, a developer wants to ensure that a specific widget appears only to users with the 'itil' role. Which approach should be used?

A.Pass a role check from the server script to the client controller via widget options.
B.Write an Access Control Rule (ACL) on the widget's table to restrict access.
C.Set the 'Roles' property on the widget instance within the page designer.
D.Create a UI Policy on the portal table that hides the widget based on user roles.
AnswerC

The Roles property restricts widget visibility to specified roles.

Why this answer

Option C is correct because the 'Roles' property on a widget instance within the Service Portal page designer directly controls which roles can view that specific widget. This is the intended declarative approach for role-based visibility at the widget instance level, without requiring custom scripting or ACLs.

Exam trap

The trap here is that candidates often confuse ACLs (which control data access) with widget instance visibility, or incorrectly think UI Policies can be applied to portal widgets, when in fact the 'Roles' property is the dedicated mechanism for this exact use case.

How to eliminate wrong answers

Option A is wrong because passing a role check from server script to client controller via widget options is an unnecessarily complex and non-standard approach; the platform provides the built-in 'Roles' property for this purpose. Option B is wrong because Access Control Rules (ACLs) on the widget's table control CRUD operations on the widget record itself, not the runtime visibility of the widget instance on a portal page. Option D is wrong because UI Policies operate on form fields and records, not on Service Portal widgets; they cannot be applied to portal tables to hide widget instances.

410
MCQhard

A UI Policy with the above condition script never evaluates to true. What is the issue?

A.The condition must be written in AngularJS to work in UI16.
B.The property name is misspelled as 'my.property' but should be 'my_property'.
C.gs.getProperty() is not permitted in UI Policy scripts.
D.The script should not be wrapped in a function; it should directly be the condition expression.
AnswerD

UI Policy condition scripts are evaluated as the script itself, not a function call.

Why this answer

Option B is correct because UI Policy condition scripts should not be wrapped in a function; the entire script is the condition expression. The code should directly return the property comparison, not define a function. Option A is wrong because gs.getProperty is allowed in UI Policy conditions (server-side).

Option C is wrong because there is no evidence of a misspelling. Option D is wrong because UI Policies are not related to AngularJS.

411
MCQhard

The transform map fails when the source field 'u_summary' is null. What is the best way to prevent this error?

A.Use target.short_description = source.u_summary instead
B.Add a null check before setting: if(source.u_summary) target.setValue('short_description', source.u_summary);
C.Add a 'return true;' statement at the end
D.Map to a system field like 'sys_created_by'
AnswerB

Null check prevents the script from erroring when the source field is empty.

Why this answer

Option D is correct: check for null before setting. Option A is wrong because the script does not need a return. Option B is wrong because setValue is correct method.

Option C is wrong because system fields are not the issue.

412
Multi-Selecteasy

Which TWO are best practices for designing forms in ServiceNow to enhance user experience and maintainability?

Select 2 answers
A.Leverage related lists to display one-to-many relationships on a form.
B.Always enable the 'Use Default Form' checkbox to ensure consistency.
C.Use a single form layout for all record types to reduce complexity.
D.Group related fields using sections to organize the form logically.
E.Avoid using reference fields on forms as they slow down performance.
AnswersA, D

Related lists provide a clear overview of child records directly on the parent form.

Why this answer

Options B and D are correct. B: Related lists are effective for displaying one-to-many relationships, providing quick access to related records. D: Grouping related fields into sections improves form readability and logical flow.

Option A is incorrect because using a single layout may not suit all form types; sections enhance organization. Option C is incorrect; the 'Use Default Form' checkbox is not a universal best practice—it depends on context. Option E is incorrect; reference fields are commonly used and essential for relational data.

413
MCQhard

A script include has a function that uses the 'GlideRecordSecure' class. When called from a Business Rule in a different scope, it throws a security exception. What is the most likely cause?

A.The script include does not have the 'Accessible from' property set to all scopes.
B.The function is not defined as a static function.
C.The GlideRecordSecure class is not accessible from other scopes.
D.The script include is not marked as public.
AnswerA

Must be set to 'All scopes' or specific scope.

Why this answer

Option A is correct because the 'Accessible from' property on a Script Include controls which scopes can invoke its functions. When this property is not set to 'All scopes', a Business Rule in a different scope cannot call the Script Include, resulting in a security exception. The GlideRecordSecure class itself is accessible across scopes, but the Script Include's access restriction prevents the call.

Exam trap

ServiceNow often tests the misconception that GlideRecordSecure is the cause of cross-scope access issues, when in fact the Script Include's 'Accessible from' property is the primary gatekeeper for cross-scope invocation.

How to eliminate wrong answers

Option B is wrong because static functions are not required for cross-scope access; the 'Accessible from' property is the key control. Option C is wrong because the GlideRecordSecure class is accessible from other scopes by default; the issue is the Script Include's access restriction, not the class. Option D is wrong because marking a Script Include as 'public' (via the 'Accessible from' property) is exactly what is missing; the term 'public' in this context refers to the 'Accessible from' setting, not a separate flag.

414
MCQhard

A company is using ServiceNow for incident management. They have a business rule on the 'before update' of the incident table that automatically assigns the incident to the first available member of the 'Support' group when the state changes to 'New'. The business rule works correctly when an incident is first created with state 'New', but when an existing incident's state is changed to 'New' from another state, the assignment does not happen. The business rule script checks if current.state.changesTo('New') and then queries the group members. The group has multiple members. Other business rules that run on state changes work fine. What is the most likely cause?

A.The condition current.state.changesTo('New') only works on insert, not on update.
B.A subsequent business rule that runs after this one in the same order is clearing the assignment field.
C.The business rule should be set to run on 'after' update instead of 'before' to ensure the state is committed.
D.The script uses current.assignment_group which is not available on update because the group might be different.
AnswerB

If another business rule runs after and sets assignment to empty, it would overwrite the assignment made by this rule.

Why this answer

Option B is correct because the business rule runs on 'before update', and if a subsequent business rule in the same execution order clears the assignment field after this rule sets it, the assignment will be lost. This is a common issue when multiple business rules interact on the same table and order of execution matters. The fact that other state-change business rules work fine indicates the logic itself is sound, but a later rule is overriding the assignment.

Exam trap

The trap here is that candidates often assume changesTo() has a limitation on update, when in reality the issue is the order of execution and interaction between multiple business rules, which is a common pitfall in ServiceNow development.

How to eliminate wrong answers

Option A is wrong because current.state.changesTo('New') works on both insert and update; it returns true when the state field is changing to 'New' during an update, and it also works on insert (though on insert the 'from' value is null). Option C is wrong because running on 'after' update would not fix the issue; the assignment would still be cleared by a subsequent rule, and 'before' is actually the correct timing to set a field before it is saved. Option D is wrong because current.assignment_group is available on update; the group field is not read-only and can be accessed and set in both before and after business rules.

415
MCQhard

A multinational corporation uses a single ServiceNow instance for IT service management. The ServiceNow portal serves thousands of users across multiple departments (HR, Finance, IT, Legal). Each department requires a customized portal experience: specific branding, tailored service catalog, and unique knowledge bases. The current implementation uses a single portal with multiple widgets that conditionally display content based on user group membership. Users have reported slow page loads and inconsistent styling across departments. The ServiceNow administrator must redesign the portal architecture to improve performance and maintainability while accommodating each department's requirements. Which approach should the administrator take?

A.Maintain a single portal but leverage ServiceNow's branding records and theme variants to apply department-specific styling; optimize widgets with client-side caching and lazy loading.
B.Create a separate portal for each department, each with its own theme and set of widgets to fully isolate customizations.
C.Standardize all departments onto a single, simple portal with no customizations to reduce complexity and improve load times.
D.Keep one portal with a single theme and use extensive client scripts to alter styling and content based on the user's department.
AnswerA

This approach centralizes portal management while allowing tailored experiences; caching and lazy loading improve performance.

Why this answer

Option B is correct because using a single portal with ServiceNow's branding infrastructure (branding records, theme variants) allows centralized management while providing department-specific customization. Optimizing widgets with client-side caching and lazy loading addresses performance concerns. Option A is incorrect because creating separate portals per department leads to significant maintenance overhead and fragmentation of configurations.

Option C relies on client scripts for styling, which is inefficient and difficult to maintain; performance remains poor. Option D ignores departmental requirements, resulting in a poor user experience.

416
Drag & Dropmedium

Drag and drop the steps to create a new Notification in ServiceNow into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

The sequence: navigate to Notifications, create new, set table and name, define conditions, configure email details, and submit.

417
MCQmedium

A company is building a ServiceNow application to manage employee onboarding. They need to store personal data like social security numbers (SSNs) and medical information. Which data classification scheme should they apply to these fields to ensure proper encryption and access controls?

A.Confidential
B.Internal
C.Highly Confidential
D.Public
AnswerC

Correct, this is the highest classification for sensitive personal data.

Why this answer

Option C is correct because 'Highly Confidential' is the ServiceNow data classification level designed for sensitive personal data such as social security numbers and medical information. This classification enforces mandatory encryption at rest and in transit, strict role-based access controls, and audit logging, aligning with regulatory requirements like GDPR and HIPAA.

Exam trap

The trap here is that candidates often confuse 'Confidential' with 'Highly Confidential', assuming that any sensitive data falls under 'Confidential', but ServiceNow reserves 'Highly Confidential' specifically for data requiring the highest security controls, such as PII and PHI.

How to eliminate wrong answers

Option A is wrong because 'Confidential' is a lower classification intended for business-sensitive data (e.g., internal financial reports) that does not require the same level of encryption and access restrictions as personal identifiable information (PII) or protected health information (PHI). Option B is wrong because 'Internal' is used for data that can be shared within the organization without special controls, such as standard operating procedures, and does not mandate encryption or granular access controls. Option D is wrong because 'Public' is for data that can be freely disclosed, like marketing materials, and has no security or encryption requirements.

418
MCQmedium

A developer is building a scoped application in Studio that needs to access global records. Which application property should be enabled?

A.Allow access to this application from all scopes.
B.Allow access to all scoped applications.
C.Allow read/write access to tables in global scope.
D.Export table data.
AnswerC

Correct. This enables access to global tables.

Why this answer

Option B is correct because 'Allow read/write access to tables in global scope' permits the application to interact with global tables. Option A is wrong as it is not a valid property. Option C is wrong because 'Export table data' is for data export.

Option D is wrong as it controls access from other scopes.

419
Drag & Dropmedium

Drag and drop the steps to create a new table in ServiceNow into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

The order is: navigate to tables, click new, define table properties, set attributes, then submit.

420
Matchingmedium

Match each ServiceNow acronym to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Configuration Management Database

Customer Service Management

IT Service Management

Human Resources Service Delivery

Governance, Risk, and Compliance

Why these pairings

These are common ServiceNow acronyms for product lines and modules.

421
MCQeasy

A company needs to store data about employee certifications. Each employee may have multiple certifications. Which approach is best practice?

A.Add a multi-select field to the User table to store certification IDs
B.Create a new custom table with a reference field to the User table
C.Extend the User table to store certification fields directly
D.Create a database view that joins User and certification data
AnswerB

Allows multiple certifications per user without inheriting unwanted fields.

Why this answer

Option B is correct because creating a new table with a reference to the User table avoids inheriting unnecessary fields from the User table and allows multiple certification records per employee. Option A is wrong because extending the User table would add many unwanted fields and complicate data management. Option C is wrong because a multi-select field cannot store multiple records effectively.

Option D is wrong because database views are read-only and not for data storage.

422
MCQmedium

A company is integrating with an external HR system using a REST API to create and update user records in the sys_user table. The API endpoint requires a token that expires every 24 hours. The integration is scheduled to run hourly. The token is stored in a credential record. After a few days, the integration fails with a 401 Unauthorized error. The error log shows "Invalid token". What is the most likely cause?

A.The token was refreshed but the credential record was not updated.
B.The REST API endpoint URL changed.
C.The credential record was deleted.
D.The IP address of the external system changed.
AnswerA

The token expires; the integration uses the stored token. If the token is refreshed externally but not stored, the old token remains and becomes invalid after 24 hours.

Why this answer

Option B is correct because the token expires every 24 hours, so after the first day, the token used by the integration is stale. The credential record must be updated with a fresh token, but if the integration does not handle token refresh, it will fail.

423
Multi-Selecthard

Which THREE are true about Data Policies? (Choose three.)

Select 3 answers
A.They can be used to enforce field requirements.
B.They can reference the current record's values.
C.They can fire on insert only.
D.They can be applied to specific user roles.
E.They run on the client side only.
AnswersA, B, D

Data policies can make fields mandatory or read-only based on conditions.

Why this answer

The correct answers are A, C, and D. Data policies enforce field requirements (mandatory/read-only) on the server side, can reference current record values, and can be restricted to specific user roles. They do not run on the client side, and they can fire on both insert and update.

424
MCQmedium

Refer to the exhibit. The business rule is intended to update the CI's operational status when an incident is resolved. However, the CI is not being updated. What is the most likely reason?

A.The business rule runs after the record is saved, so changes to the CI are not saved
B.The script does not include a condition to check if the CI belongs to the cmdb_ci_server table
C.The business rule runs synchronously, so it cannot update another record
D.The script uses gr.update() without checking if the CI record exists
AnswerB

If the CI is not a server, the GlideRecord may fail to find it.

Why this answer

The script assumes the CI record is of type 'cmdb_ci_server'. If the CI is a different class (e.g., cmdb_ci_router), the GlideRecord will not find it. Option A is incorrect because after business rules can update other records.

Option B is not the root cause. Option C is false because synchronous rules can update other records.

425
Multi-Selecthard

Which THREE of the following are true about ACLs (Access Control Lists)? (Choose three.)

Select 3 answers
A.ACLs can include conditions that must be met for access.
B.ACLs are evaluated on the client side.
C.ACLs are only applicable to system tables.
D.ACLs can control read and write access to records.
E.ACLs can be scoped to a specific application.
AnswersA, D, E

Conditions can be added to ACLs.

Why this answer

ACLs (Access Control Lists) in ServiceNow are used to enforce security by specifying conditions that must be met for a user to access a record, field, or script. Option A is correct because an ACL defines a condition (typically a script or a set of conditions) that evaluates to true or false, and only when the condition is met is access granted or denied. This is the core mechanism of ServiceNow's role-based and condition-based access control.

Exam trap

ServiceNow often tests the misconception that ACLs are client-side or only apply to system tables, but in ServiceNow, ACLs are server-side and apply to all tables, including custom and scoped application tables.

426
MCQhard

A developer needs to create a new application scope. Which of the following is a best practice when defining the scope?

A.Set the scope to 'Protected' to prevent other applications from modifying its records.
B.Use the global scope to avoid access restrictions.
C.Use a scope name that is already in use to leverage existing configurations.
D.Create the scope and later change the name if needed.
AnswerA

Protected scope prevents unauthorized modifications.

Why this answer

Setting the scope to 'Protected' is a best practice because it prevents other applications from modifying the application's records while still allowing the application to access records from other scopes. This balances security and interoperability, ensuring that the application's data integrity is maintained without unnecessarily restricting cross-scope access.

Exam trap

The trap here is that candidates often confuse 'Protected' with 'Private' and assume it blocks all access, or they mistakenly think global scope is the safest choice because it avoids access restrictions, when in fact it exposes the application to unauthorized modifications.

How to eliminate wrong answers

Option B is wrong because using the global scope exposes the application's records to modification by any other application, undermining data integrity and security. Option C is wrong because scope names must be unique within an instance; reusing an existing scope name would cause a conflict and is not permitted. Option D is wrong because the scope name is immutable after creation; it cannot be changed later without recreating the application, which would break existing references and configurations.

427
Multi-Selectmedium

A developer is troubleshooting an issue where a business rule is not firing. Which TWO steps should the developer take to diagnose the problem? (Choose two.)

Select 2 answers
A.Check the business rule order.
B.Ensure the business rule has a condition.
C.Run the business rule from the context menu.
D.Verify that the business rule is active.
E.Check if the table is locked.
AnswersB, D

If the condition evaluates to false, the rule does not run.

Why this answer

Options B and C are correct. The business rule must be active and must have a condition that evaluates to true. Option A (order) matters only if multiple rules conflict, but is not the first check.

Option D is not possible; business rules cannot be run manually. Option E is not relevant.

428
MCQeasy

This client script is attached to the 'category' field on the incident form. When the user changes the category to 'Network', what happens to the short_description field?

A.Nothing happens because newValue equals 'Network' which passes the empty check.
B.The short_description is set to 'Category changed to Network'.
C.An error occurs because setValue cannot be called with a string.
D.The short_description is cleared.
AnswerB

The setValue method updates the field.

Why this answer

Option B is correct because the client script checks if the newValue of the 'category' field is not empty and equals 'Network'. When the user changes the category to 'Network', newValue is 'Network', which passes the empty check (newValue !== ''), and then the condition newValue === 'Network' is true. The script then executes g_form.setValue('short_description', 'Category changed to Network'), which sets the short_description field to that string.

Exam trap

The trap here is that candidates may misinterpret the empty check as a guard that prevents any action when newValue is non-empty, but the script only skips if newValue is empty, so when newValue is 'Network', it proceeds to the equality check and executes the setValue call.

How to eliminate wrong answers

Option A is wrong because the empty check (newValue !== '') passes when newValue is 'Network', so the script does not skip execution; it proceeds to the equality check. Option C is wrong because g_form.setValue() can accept a string as the second argument; it sets the field value to that string without error. Option D is wrong because the script explicitly sets the short_description to 'Category changed to Network', not clearing it; clearing would require an empty string or null.

429
Multi-Selecthard

Which TWO of the following are valid methods to authenticate a REST API call to ServiceNow?

Select 2 answers
A.SAML assertion authentication.
B.LDAP authentication.
C.Basic Authentication with username and password.
D.API Key authentication.
E.OAuth 2.0 authentication.
AnswersC, E

Basic Authentication is supported.

Why this answer

Option C is correct because ServiceNow supports Basic Authentication, where the REST API call includes an HTTP Authorization header with a Base64-encoded string of 'username:password'. This is a straightforward method for authenticating API requests, though it requires HTTPS to avoid exposing credentials in plaintext.

Exam trap

The trap here is that candidates may confuse authentication methods supported for the UI (like SAML or LDAP) with those valid for REST API calls, or mistakenly think ServiceNow supports API keys when it does not.

430
Multi-Selecthard

Which TWO are common issues when troubleshooting a failed LDAP import?

Select 2 answers
A.LDAP filter syntax is invalid
B.OAuth token for LDAP is expired
C.LDAP attribute mapping does not match target fields
D.Base DN is incorrectly specified
E.LDAP server is unreachable
AnswersA, D

Invalid filters cause the import to retrieve no data or error.

Why this answer

Options B and D are correct. B: Incorrect base DN is a frequent misconfiguration. D: Invalid LDAP filter syntax can cause no results.

A is also common but connectivity is more foundational; C is important but not as common as filter issues; E is irrelevant to LDAP.

431
MCQeasy

An import set is failing because some records have duplicate values in a unique field. The requirement is to skip duplicates and import only new records. Which transform map option should be used?

A.Enable 'Import set update only' in the transform map.
B.Enable 'Update existing records' in the transform map.
C.Enable 'Reject duplicates' in the data source options.
D.Enable 'Coalesce' on the unique field and set 'Action' to 'Insert' in the transform map.
AnswerD

Coalesce identifies existing records, and setting action to Insert ensures new records are created and duplicates are ignored.

Why this answer

Option A is correct because enabling 'Coalesce' on the unique field allows the system to identify existing records and skip duplicates. Option B (Import set update only) would update existing records, not skip. Option C (Reject duplicates) is not a standard option.

Option D (Update existing records) would update duplicates.

432
MCQmedium

A developer needs to create a script that runs before a record is inserted, to set a default value. Which business rule 'When' option is appropriate?

A.Before
B.Async
C.After
D.Display
AnswerA

Correct; before insert allows modifying the record before save.

Why this answer

Option B is correct because 'Before' runs before the database insert, allowing default values to be set. Option A is incorrect because 'After' runs after the record is already saved. Option C is incorrect because 'Async' runs later.

Option D is incorrect because 'Display' runs on form display.

433
MCQeasy

A company wants to display a list of open incidents on a Service Portal page. Which component should be used?

A.Map widget
B.Data Table Widget
C.Performance Analytics widget
D.List View Widget
AnswerB

Correct: Data Table Widget is designed to display record lists on portals.

Why this answer

The Data Table Widget is the standard component for displaying lists of records in Service Portal. Option B is wrong because List View Widget is used in the backend UI, not on portals. Option C is for analytics.

Option D is for displaying maps.

434
MCQhard

An organization uses ServiceNow Discovery to populate the CMDB. They notice that some CI relationships are missing after a discovery run. The discovery logs show no errors. What is the most likely cause?

A.The MID server credentials do not have permission to query relationship data
B.The CI Class Manager does not have the correct relationship types defined for the discovered CIs
C.The discovery probes are not configured to capture relationships
D.The CMDB is set to read-only mode
AnswerB

The CI Class Manager defines which relationships are possible between CI classes. If a relationship type is missing, it won't be created.

Why this answer

Option B is correct because the CI Class Manager defines which relationship types are valid for each CI class. If the relationship types are not defined or incorrectly configured, Discovery will not create those relationships even if the probes run successfully and no errors are logged. The absence of errors indicates the discovery process completed normally, but the missing relationships are due to missing or incorrect relationship definitions in the CI Class Manager.

Exam trap

The trap here is that candidates assume missing relationships must be caused by a probe or permission issue, overlooking that the CI Class Manager's relationship definitions are a prerequisite for relationship creation, even when discovery runs without errors.

How to eliminate wrong answers

Option A is wrong because MID server credentials are used for authentication to target systems; if they lacked permission to query relationship data, the discovery logs would typically show authentication or permission errors, not a clean run with no errors. Option C is wrong because discovery probes are configured to capture CIs and their attributes, but relationships are not captured by probes directly; they are inferred by the Discovery engine based on relationship types defined in the CI Class Manager. Option D is wrong because a read-only CMDB would prevent any updates to the CMDB, including CI creation and relationship creation, and would generate errors or warnings in the logs, not a clean run with missing relationships.

435
Multi-Selectmedium

Which TWO statements are true about GlideAggregate?

Select 2 answers
A.It uses getRowCount() to retrieve the count.
B.It can only be used with sys_id fields.
C.It provides methods like addAggregate and getAggregate.
D.It extends the GlideRecord class.
E.It can aggregate data across multiple tables in a single query.
AnswersC, D

Correct: These are key methods for aggregation.

Why this answer

Options A and D are correct. GlideAggregate extends GlideRecord and provides aggregate functions. Option B is wrong because it does not use getRowCount() but addAggregate().

Option C is wrong because it does not have query with limit. Option E is wrong because it does not support multiple tables in one query.

436
MCQeasy

A developer needs to expose a custom table's data via REST API in ServiceNow Studio. Which approach should they use?

A.Configure a REST API from the system Web Services menu.
B.Create a Scripted REST API in Studio.
C.Generate an API from the Application Menu.
D.Use the table API directly without any configuration.
AnswerB

Correct. Studio provides a template for Scripted REST APIs.

Why this answer

Option A is correct because Scripted REST API allows creating custom endpoints in Studio. Option B is wrong as the table API requires ACLs and is not directly available. Option C is wrong because configuring from the system Web Services menu is not part of Studio.

Option D is wrong because generating an API from the Application Menu is not a standard Studio feature.

437
Multi-Selectmedium

A developer is investigating why an outbound REST message is not sending data correctly. Which TWO actions should the developer check first? (Choose two.)

Select 2 answers
A.Restart the web server.
B.Reinstall the ServiceNow instance.
C.Review the script include for errors.
D.Check the authentication profile.
E.Verify the endpoint URL.
AnswersD, E

Invalid credentials or configuration can prevent sending.

Why this answer

The most immediate checks are the endpoint URL to ensure it is correct, and the authentication profile to ensure credentials are valid. These are common causes of failures.

438
MCQhard

A developer is designing a solution to allow users to request access to specific applications through a Service Catalog. Each application can be requested by multiple users, and each user can request multiple applications. The request must capture the user's business justification and the date needed. The developer needs to model the data. Which database schema design best adheres to ServiceNow best practices?

A.Add a string field on the Application table that stores a comma-separated list of user sys_ids
B.Add a multi-reference field on the User table that lists all requested applications
C.Create a custom table 'u_application_request' with fields: user (reference to sys_user), application (reference to custom application table), justification (string), date_needed (date)
D.Create one table for all requests with a reference to both user and application, but store justification and date needed separately in a different table
AnswerC

Correct; a dedicated M2M table with additional attributes models the relationship and captures extra data.

Why this answer

Option C is correct because it creates a dedicated 'u_application_request' table with reference fields to both sys_user and the custom application table, plus justification and date_needed fields. This models the many-to-many relationship properly with additional attributes, adhering to ServiceNow best practices of using reference fields for relationships and avoiding unstructured data storage.

Exam trap

The trap here is that candidates often choose Option D thinking it follows 'separation of concerns' by splitting data into multiple tables, but ServiceNow best practices favor a single table for all attributes of a relationship to maintain simplicity and query performance.

How to eliminate wrong answers

Option A is wrong because storing comma-separated user sys_ids in a string field violates normalization principles, makes querying and reporting inefficient, and breaks referential integrity. Option B is wrong because a multi-reference field on the User table can list applications but cannot capture additional attributes like justification and date_needed, and it creates an asymmetric relationship that complicates maintenance. Option D is wrong because storing justification and date_needed in a separate table from the request association introduces unnecessary complexity and fragmentation, violating the principle of keeping related data together in a single table.

439
MCQeasy

Refer to the exhibit. The developer expects a list of incidents in the widget, but the page renders with an error. What is the most likely cause?

A.The server script is missing a return statement
B.getRow() is not a valid method on GlideRecord
C.The query does not filter for active incidents
D.The data.items array is not initialized correctly
AnswerB

Correct: getRow() is not a GlideRecord method; it causes a script error.

Why this answer

The method getRow() does not exist on GlideRecord. The correct approach is to use getValue() for each field. Option A is correct.

Options B and C are possible but not the most likely cause of an immediate error. Option D is incorrect because server scripts do not require a return statement.

440
Multi-Selecthard

A developer is designing a custom application with a table that stores sensitive employee data. The requirement is that only managers can view records where they are the manager of the employee. Which two configurations are needed to implement this requirement?

Select 2 answers
A.Use a UI Policy to set fields to read-only or invisible for non-managers
B.Create an ACL with a condition script that checks if the logged-in user is the manager of the record's employee
C.Create a new view that excludes sensitive fields
D.Create a Business Rule that deletes records if the user is not the manager
E.Use a Client Script to hide fields if the user is not the manager
AnswersA, B

UI Policies can set field attributes like visible or read-only based on conditions.

Why this answer

Option A is correct because UI Policies can be configured to set fields as read-only or invisible based on conditions, such as the user's role or relationship to the record. This allows non-managers to see the record but prevents them from viewing sensitive fields, aligning with the requirement to restrict visibility at the field level.

Exam trap

The trap here is that candidates often confuse client-side controls (UI Policies, Client Scripts) with server-side security (ACLs), assuming that hiding fields on the form is sufficient to protect sensitive data, when in fact ACLs are required to prevent data access via web services or direct database queries.

441
MCQmedium

The above script runs in a business rule on the Incident table. What is a potential issue with this script?

A.It will only update the first matching record.
B.It may cause an infinite loop if the same business rule triggers on update.
C.It uses a deprecated API.
D.It will not commit changes because update() is not used correctly.
AnswerB

Correct; the script updates incidents, and if the business rule also fires on update, it can trigger recursively.

Why this answer

Option B is correct because updating incidents using gr.update() could trigger the same business rule again (if the rule runs on update), causing an infinite loop. Option A is incorrect because the API is not deprecated. Option C is incorrect because update() does commit changes.

Option D is incorrect because the while loop iterates all matching records.

442
Multi-Selecthard

Which THREE statements are correct about script includes and their usage across scopes? (Select THREE)

Select 3 answers
A.A script include can be accessed from a Business Rule in a different scope if the script include is defined as a global script include.
B.Script includes defined as 'public' can be accessed from any scope without restriction.
C.A script include must be marked as 'public' to be accessible from other scopes.
D.To call a script include from another scope, you must use the global scope prefix.
E.The 'Accessible from' property can be set to 'All scopes' or specific scopes.
AnswersA, C, E

Global script includes are accessible.

Why this answer

Option A is correct because script includes in ServiceNow are isolated by scope by default. To make a script include accessible from a business rule in a different scope, it must be defined as a global script include (i.e., its scope is set to 'Global'). This allows the script include to be referenced and executed from any scope without requiring the global scope prefix.

Exam trap

The trap here is that candidates often confuse the 'public' access modifier from other programming languages with ServiceNow's 'Accessible from' property, leading them to select option B as correct.

443
MCQhard

A company wants to create a custom homepage for their service portal that displays three different data sources in a single view. The design must ensure that if one data source fails to load, the other two continue to function. Which implementation approach aligns best with this requirement?

A.Use a parent widget that calls three child widgets
B.Use three separate widgets each fetching their own data
C.Use a widget that loads data in parallel with error handling
D.Use a single widget that fetches all data sequentially
AnswerB

Correct: Separate widgets run independently, so one failure does not affect others.

Why this answer

Using three separate widgets isolates failures. Options A, C, and D can cause cascading failures. Option B ensures independence.

444
MCQhard

A large enterprise manages its IT assets using a custom table 'u_asset_tracking', which includes a reference field 'u_location' pointing to the 'cmn_location' table. After a recent application upgrade, users report that the location is not being displayed for assets older than six months, although it works for newer assets. A client script uses GlideAjax to fetch the location via a Script Include called 'AssetUtils'. The Script Include performs a GlideRecord query on 'u_asset_tracking' and then dot-walks to 'u_location.sys_id' to retrieve the location name. The upgrade included changes to the application's access controls. The logs show no errors, but the Ajax call returns null for the location. What should the developer do to resolve this issue?

A.Modify the Script Include to use addNullQuery('u_location') to skip empty location fields.
B.Ensure the 'read' role on the 'cmn_location' table is granted to the application's scope or the user's role.
C.Change the client script to use a UI Policy instead of GlideAjax to handle the location display.
D.Write a fix script to update the 'u_location' field for all assets older than six months.
AnswerB

The upgrade likely changed ACLs; granting read access to 'cmn_location' for the appropriate scope or role resolves the null returns.

Why this answer

The issue is that after the upgrade, access controls (ACLs) were changed, and the Script Include's GlideRecord query dot-walks to 'cmn_location' to retrieve the location name. Even though the query on 'u_asset_tracking' succeeds, the dot-walk to 'cmn_location' fails silently because the script's execution context (or the user's session) lacks the 'read' role on the 'cmn_location' table. Granting the 'read' role ensures the GlideRecord can access the referenced record, resolving the null return.

Exam trap

The trap here is that candidates assume the issue is with the query logic or data integrity (options A or D) rather than recognizing that a silent ACL failure on a dot-walked table is a common post-upgrade problem, especially when no errors appear in logs.

How to eliminate wrong answers

Option A is wrong because addNullQuery('u_location') would filter out records where the location field is empty, but the problem is that the location is not being displayed for assets older than six months, not that the field is null; this would not fix the access control issue. Option C is wrong because a UI Policy runs client-side and cannot perform server-side GlideRecord queries to fetch location data; it would not replace the GlideAjax call that retrieves the location name. Option D is wrong because writing a fix script to update the 'u_location' field would not address the underlying access control restriction that prevents the dot-walk from reading the location record; the data is already correct but inaccessible.

445
Drag & Dropmedium

Drag and drop the steps to create a UI Action in ServiceNow into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

The correct order: navigate to UI Actions, create new, define table and names, set conditions, script and submit.

446
MCQeasy

The client script above runs on a text field's onChange event. When the user changes the field, the 'short_description' field is not updated. What is the most likely reason?

A.The script is missing a semicolon after the setValue statement.
B.The 'short_description' field is defined as read-only on the form.
C.g_form is not available in the onChange client script.
D.The script runs before the new value is assigned to the field.
AnswerB

g_form.setValue cannot modify read-only fields.

Why this answer

Option C is correct because if the target field ('short_description') is set to read-only, g_form.setValue() will not change its value. Option A is wrong because semicolons are optional in JavaScript and missing one would not cause this specific issue. Option B is wrong because g_form is available in client scripts.

Option D is wrong because the onChange event fires after the new value is set.

447
Multi-Selecthard

Which THREE considerations are important when designing a scoped application for a customer?

Select 3 answers
A.Minimize number of update sets.
B.Avoid modifying global tables directly.
C.Scope application name uniquely.
D.Use global Business Rules for performance.
E.Include only necessary features.
AnswersB, C, E

Correct. Modifying global tables can cause conflicts with other applications.

Why this answer

Options B, D, and E are correct. Avoiding direct modification of global tables prevents unintended side effects. Unique scoping avoids conflicts.

Including only necessary features reduces complexity. Option A is wrong as minimizing update sets is not a design consideration. Option C is wrong because using global Business Rules defeats the purpose of scoping.

448
MCQeasy

As a best practice, which method should be used to schedule recurring data imports from external sources?

A.Deploy an update set for each import
B.Use a Flow Designer flow with an HTTP trigger
C.Configure a scheduled job to use the Import Set API or transform
D.Create a business rule that triggers on a condition
AnswerC

Scheduled jobs are designed for recurring tasks like data imports.

Why this answer

Option B is correct: scheduled jobs with import set API provide reliable automation. Option A is wrong because business rules are not for scheduling. Option C is wrong because flow designer is for real-time integrations, not scheduled imports.

Option D is wrong because update sets are for version control, not scheduling.

449
MCQhard

A large financial institution has a custom application for managing trade requests. The application uses a business rule on the 'Trade' table that calculates and sets the 'net_value' field based on 'quantity' and 'price'. Recently, traders have reported that when they update existing trades via a REST API integration, the 'net_value' field is not being recalculated. The business rule is set to run 'before' insert and 'before' update. The REST API uses GlideRecord to update the trade records. Upon investigation, the developer finds that the business rule script includes a check: 'if (current.changes('quantity') || current.changes('price')) { // recalculate }'. The script works correctly when updates are made from the UI. What is the most likely cause of the issue?

A.The business rule is set to run 'before' update, but the REST API triggers 'after' update.
B.The GlideRecord used in the REST API does not load the record's previous values, so changes() returns false.
C.The REST API sends the update request to a different instance, bypassing the business rule.
D.The condition 'current.changes('quantity') || current.changes('price')' is incorrectly formatted; it should use 'current.changes('quantity') || current.changes('price')'.
AnswerB

The changes() method relies on the previous values being loaded into the GlideRecord object. If the script creates a new GlideRecord and sets fields without first getting the record, or if the update is performed via a GlideRecord that hasn't been initialized with the old record, changes() may not detect changes.

Why this answer

The GlideRecord API used in REST API integrations does not automatically load the previous values of fields into the `changes()` method. When a record is updated via GlideRecord in a scripted REST API, the `current` object in the business rule does not have the 'previous' values populated, so `current.changes('quantity')` and `current.changes('price')` both return `false`. This causes the recalculation logic to be skipped, even though the business rule is set to run 'before update'.

In contrast, UI updates load previous values correctly, making `changes()` work as expected.

Exam trap

The trap here is that candidates assume `changes()` works universally in all update contexts, but ServiceNow specifically designed it to rely on the `previous` object, which is not populated in scripted REST API GlideRecord updates unless the record is explicitly loaded with `get()` before modification.

How to eliminate wrong answers

Option A is wrong because the business rule is set to run 'before update', and REST API updates still trigger 'before update' business rules; the issue is not about timing. Option C is wrong because REST API updates target the same instance where the business rule is defined; they do not bypass it unless explicitly routed elsewhere. Option D is wrong because the condition syntax is correct; the problem is not with the formatting of the condition but with the underlying data available to `changes()`.

450
MCQmedium

A developer created a custom form section for the 'change_request' table that contains a reference field to 'cmdb_ci'. The section is visible in the form layout for all change request types. However, when the 'type' field is set to 'Emergency', the section should not be visible. The developer added a UI Policy to hide the entire section when type is 'Emergency'. But the section remains visible. After checking, the UI Policy is active and the condition is set correctly. What is the most likely reason the UI Policy is not working, and what is the best fix?

A.The section's 'Visible' checkbox in the form layout must be unchecked and then controlled by the UI Policy
B.UI Policies cannot hide form sections; they only control field-level visibility. The developer should hide each field in the section individually via UI Policy or use a client script to hide the section div
C.The UI Policy must be set to 'Run for all users' and the section must be assigned a 'visible' attribute
D.The UI Policy order is too low; it should be set to a higher priority number
AnswerB

This is the correct analysis and solution.

Why this answer

Option C is correct because UI Policies can only control individual field visibility, not entire form sections. The best fix is to hide all fields in the section, or use a client script to hide the section via CSS. Option A is incorrect because UI Policies cannot directly target form sections.

Option B is incorrect because there is no default order issue; UI Policies work on fields. Option D is incorrect because the section has no 'visible' attribute.

Page 5

Page 6 of 7

Page 7

All pages