Practise ServiceNow Certified System Administrator CSA practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.
These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.
Quick answer
Hard Difficulty Questions questions test whether you can apply the concept in context, not just recognise a definition.
How the topic appears in realistic exam-style scenarios.
Which detail in the question changes the correct answer.
How to eliminate plausible but wrong options.
How to connect the question back to the wider exam objective.
Related practice questions
Related SNOW-CSA topic practice pages
Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.
An organization is planning to implement CMDB for a large-scale environment with multiple data sources. They need to ensure that the most trustworthy data source takes precedence when conflicts occur. Which feature should they use?
A
Identification & Reconciliation engine
Why wrong: This engine handles CI identification, not source priority.
B
Reconciliation
Why wrong: Reconciliation resolves conflicts but does not set source priority by itself.
C
Set source precedence in the CI class manager for each CI
Why wrong: Source precedence is not set per CI but globally.
D
Data Source Priority
This feature allows setting precedence for data sources.
Refer to the exhibit. A catalog item has a variable 'department' (choice list with values 'IT', 'HR', 'Finance') and a variable 'cost_center' (choice list initially empty). The client script is supposed to add an option to 'cost_center' when 'department' is set to 'IT'. However, when a user selects 'IT', no new option appears. What is the most likely reason?
Exhibit
Refer to the exhibit.
```javascript
// Catalog Client Script - onChange on variable 'department'
function onChange(control, oldValue, newValue, isLoading) {
if (isLoading || newValue == '') { return; }
if (newValue == 'IT') {
g_form.addOption('cost_center', 'IT_CC', 'IT Cost Center');
} else {
g_form.clearOptions('cost_center');
}
}
```
A
The variable 'cost_center' is not a 'Choice' variable type.
addOption only works on choice-type variables.
B
The script is a server-side script and cannot use 'g_form'.
Why wrong: Client scripts use g_form.
C
The script needs to call 'g_form.clearOptions()' before adding options.
Why wrong: clearOptions is already called in the else branch, but not needed before addOption.
D
The method should be 'g_form.addOption()' with different syntax.
An organization has a Service Level Agreement (SLA) defined on the Incident table with a condition of 'Category is Network' and a duration of 4 hours. The SLA is triggered when the incident state changes from 'New' to 'In Progress'. A network incident is created and assigned to the Network Support group. The incident state is changed to 'In Progress' immediately. After 3 hours, the incident is resolved. However, the SLA shows a breach despite the resolution being within 4 hours. What is the most likely cause?
A
The SLA stop condition is set to 'State is Resolved', but the SLA was paused due to a schedule (e.g., after-hours pause) and the pause time was not counted, causing the actual working time to exceed 4 hours.
If the SLA has a schedule that pauses during non-business hours, the elapsed business time may exceed 4 hours even if real time is less.
B
The SLA is assigned to the Network Support group, but the assignment group was changed during the incident.
Why wrong: SLA is based on the incident record, not the assignment group.
C
The SLA duration is defined in business hours, and the incident was created after business hours, so the elapsed time counted only business hours, making the 4-hour window longer in real time.
Why wrong: Business hours would extend real time, not cause a breach within 3 hours.
D
The SLA condition 'Category is Network' was not evaluated correctly because the category field was updated after the SLA was triggered.
Why wrong: The condition is evaluated at trigger time; changes after do not affect SLA.
An administrator is designing a catalog item for software requests. The item must capture the user's department automatically and pre-populate the cost center. Which feature should be used to achieve this?
A
Catalog Client Script
Why wrong: Catalog client scripts can set values but defaults are more efficient.
B
UI Policy
Why wrong: UI policies control visibility and mandatory fields, not default values.
C
Variable default value using system properties
Defaults can be set to user's department and cost center from user record.
D
Client Script
Why wrong: Client scripts can set values but require a script; defaults are simpler.
You are the ServiceNow administrator for a large enterprise with over 10,000 users. The company uses the Employee Center portal for self-service. Recently, users have reported that when they submit a catalog item, the confirmation page takes over 30 seconds to load, and sometimes they receive a timeout error. The issue only occurs for catalog items that have a workflow attached. The workflows are complex with multiple approval stages and notifications. The server logs show no errors, but the average response time for catalog item submissions with workflows is 45 seconds, compared to 5 seconds for items without workflows. The instance is running on a medium-sized node with default settings. You need to resolve the performance issue without changing the workflow logic or the user interface. What should you do?
A
Disable all approval stages in the workflows
Why wrong: This would break process compliance.
B
Configure the workflows to run asynchronously
Asynchronous execution prevents the user interface from waiting for the workflow to complete.
C
Upgrade the instance to a larger node size
Why wrong: This may help but is not a targeted solution and may not resolve the issue.
D
Move the workflows to a separate instance
Why wrong: This is impractical and not a standard approach.
A catalog item has multiple variables, and the administrator wants to show a variable only if a previous variable is set to a specific value. Which feature should be used?
A
UI Policy
UI policies control visibility and mandatory conditions.
B
Client Script
Why wrong: Client scripts can hide fields but UI policy is the recommended approach.
C
Catalog Client Script
Why wrong: Catalog client scripts are used for actions, not visibility control.
D
Access Control List (ACL)
Why wrong: ACLs control data access, not variable visibility.
An administrator needs to provide a custom view for the Incident table that hides the 'Description' field and reorders fields for a specific group of users. The view should be accessible from the form context menu. Which approach should the administrator take?
A
Create a UI Policy that hides the 'Description' field and reorders fields for the specific group.
Why wrong: UI Policies apply to all users, not specific groups.
B
Use the 'Personalize Form' option to rearrange fields and share the view with the group.
Why wrong: Personalized forms are user-specific and not shareable.
C
Create a new view for the Incident table and assign it to a user criteria that includes the group.
Views can be scoped to user criteria.
D
Write a Business Rule that updates the form configuration when the group members open a record.
Why wrong: Business Rules do not modify form layout.
An administrator creates a new ACL for the 'incident' table with type 'record', operation 'read', condition script 'current.assignment_group == gs.getUser().getMyGroups()', and requires role 'snc_internal'. A user with role 'snc_internal' who is a member of group 'Service Desk' can view incidents assigned to 'Service Desk' but cannot view incidents assigned to 'Network Support'. What is the most likely reason?
A
The condition script uses 'current.assignment_group' which returns a sys_id, but 'gs.getUser().getMyGroups()' returns a list of group names.
Why wrong: Both return sys_ids; the comparison works.
B
The condition script should use 'current.assignment_group.isOneOf(gs.getUser().getMyGroups())' instead.
Why wrong: The given comparison is valid.
C
The user does not have the 'snc_internal' role.
Why wrong: The user has the role as stated.
D
Another ACL with higher order denies read access to all incidents not matching the condition.
ACL order matters; a deny rule could be overriding.
A company wants to block all update operations on the 'problem' table for users with only the 'itil' role, except for the user who created the record. Which ACL configuration should be used?
A
Create an ACL with type 'record', operation 'write', role 'itil', condition script 'current.assignment_group == gs.getUser().getMyGroups()', and set 'Requires role' true.
Why wrong: This grants write based on group, not creator.
B
Create an ACL with type 'record', operation 'write', role 'itil', condition script empty, and uncheck 'Requires role'.
Why wrong: This would deny write to all itil users unconditionally.
C
Create an ACL with type 'record', operation 'write', role 'itil', condition script 'current.created_by != gs.getUserID()', and set 'Requires role' true.
Denies write to itil users if they are not the creator.
D
Create an ACL with type 'record', operation 'write', role 'itil', condition script 'current.created_by == gs.getUserID()', and set 'Requires role' true.
Why wrong: This grants write only to creators, but other itil users are denied (good), but ACL order might cause issues; also need to ensure no other ACL grants write.
A transform map for importing incidents uses a co-paste field mapping for 'short_description' that references the source field 'caller_id'. The import fails with the error shown. What is the most likely cause?
Exhibit
Refer to the exhibit.
Error log:
2024-03-15 14:32:10 (source) Import Set: sys_import_set_2c9a3b1e6f7a8d
2024-03-15 14:32:10 Transform: sys_transform_map_8d7e6f5a4b3c2d
2024-03-15 14:32:10 Target table: incident
2024-03-15 14:32:10 Field mapping: short_description <- co-paste(short_description, ' - ', caller_id)
2024-03-15 14:32:10 Error: Field 'caller_id' not found in source table
2024-03-15 14:32:10 Transform aborted.
A
The 'caller_id' field in the target table is read-only
Why wrong: Read-only fields would cause a different error.
B
The import set does not contain a column named 'caller_id'
The error indicates the source table lacks the field.
C
The target table 'incident' does not have a 'caller_id' field
Why wrong: The error references 'source table', not target.
D
The co-paste function cannot combine more than two fields
A junior administrator configures the above business rule and ACL. When a user without any role opens an incident with category 'database' and state 1, the priority is set to 1 correctly. However, the user cannot view the incident record. What is the most likely reason?
Exhibit
Refer to the exhibit.
```
Business Rule: "Set Priority"
Table: [incident]
When: before
Order: 100
Condition: current.category == 'database'
Script:
(function executeRule(current, previous /*null when async*/) {
if (current.state == 1) {
current.priority = 1;
}
})(current, previous);
```
ACL: "Incident Read"
Type: record
Operation: read
Name: incident.*
Role: (empty)
Condition: current.assignment_group == 'a1b2c3d4e5f6g7h8i9j0k1l2'
Script: (empty)
Requires role: true
A
The ACL condition uses sys_id of assignment group, but the field stores display value.
Why wrong: Assignment group field stores sys_id, so comparison is valid.
B
The business rule runs before insert, but the ACL check occurs after insert.
Why wrong: The priority is set correctly, so the business rule runs; ACL check happens on query, not insert.
C
The ACL requires a role (empty role list means no role requirement? Actually requires role checked, but no roles listed means any authenticated user, but unauthenticated? The user has no role, and condition fails because assignment group mismatch.
The ACL requires a role and condition fails, so access is denied.
D
The business rule order (100) is too low and another rule overrides the priority.
Why wrong: The priority is set correctly as per symptom.
An administrator imports data from a CSV file into the 'cmdb_ci' table using a transform map. The import set row contains fields 'name', 'serial_number', and 'manufacturer'. The transform map has a field mapping for 'name' with a co-paste of 'name' and 'serial_number'. Another mapping for 'serial_number' uses a script to concatenate 'SN-' prefix. The 'manufacturer' field is not mapped. After the import, the resulting 'name' field contains 'Laptop123, SN-12345' and 'serial_number' contains 'SN-12345'. Which statement best describes the outcome?
A
The import fails because the 'manufacturer' field is not mapped
Why wrong: Unmapped fields are not imported but do not cause failure.
B
The 'name' field contains 'Laptop123, SN-12345' and 'serial_number' contains 'SN-12345'
Co-paste for 'name' concatenates source 'name' and source 'serial_number' (original), and the script for 'serial_number' transforms its own value.
C
The 'name' field contains 'Laptop123, 12345' because the script for 'serial_number' overrides the co-paste for 'name'
Why wrong: Scripts run per target field; co-paste for 'name' uses source values, not the script output for 'serial_number'.
D
The 'serial_number' field remains '12345' because the co-paste mapping for 'name' consumed the source field
Why wrong: Source fields are not consumed; they are available for multiple mappings.
A developer writes the script include above to create an approval record. When the method is called from a business rule on the requested item table, the approval is created but assigned to the wrong user. What is the most likely cause?
Exhibit
Refer to the exhibit.
sys_script_include.js:
var ApprovalHelper = Class.create();
ApprovalHelper.prototype = {
initialize: function() {},
sendApproval: function(rec) {
var user = gs.getUser();
var gr = new GlideRecord('sysapproval_approver');
gr.initialize();
gr.sysapproval = rec.sys_id;
gr.approver = user.getID();
gr.insert();
}
};
A
The method should use 'new GlideRecord' instead of 'var gr'
Why wrong: Variable declaration is fine.
B
The method uses gs.getUser() which returns the current user running the script, not the intended approver
In a business rule, the current user is often the system, not the actual requestor.
C
The method is not using the correct GlideRecord table name
Why wrong: The table name 'sysapproval_approver' is correct.
D
The method should call rec.update() after inserting the approval
A user reports that after clicking 'New' on the incident module, the form loads but the 'Category' field is missing. Other users see the field. What is the most likely cause?
A
The field is hidden by a UI policy
Why wrong: A UI policy would affect all users, not just one.
B
The field is not in the default form view
Why wrong: If other users see it, the default view includes the field.
C
The user has a personal form layout that removed the field
Personalization can cause a field to be missing for an individual user.
D
The user's role does not have read access to the field
Why wrong: ACLs would prevent access for all users with that role.
An administrator needs to ensure that when a user changes the 'State' field to 'Resolved' on an incident form, the 'Resolution Notes' field becomes mandatory. What should be configured?
A
Business rule
Why wrong: Business rules run server-side, not suitable for client-side mandatory behavior.
B
Client script with onChange event
Why wrong: Client scripts can set mandatory but require coding; UI policy is declarative and preferred.
C
UI policy
UI policies can make fields mandatory based on conditions without scripting.
D
Data policy
Why wrong: Data policies enforce rules server-side; not appropriate for client-side mandatory changes.
These SNOW-CSA practice questions are part of Courseiva's free ServiceNow certification practice question bank. Courseiva provides original exam-style SNOW-CSA questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.