SNOW-CSA · topic practice

Application Rules, ACL and Notifications practice questions

Practise SNOW-CSA ACL questions covering standard vs extended ACLs, top-down processing, implicit deny, inbound vs outbound placement, and troubleshooting traffic that is unexpectedly blocked or permitted.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Application Rules, ACL and Notifications

What the exam tests

What to know about Application Rules, ACL and Notifications

ACL questions usually test top-down rule processing, source and destination matching, protocol or port logic, and where the ACL should be applied.

Standard versus extended ACL behaviour.

Top-down processing and the implicit deny rule.

Source, destination, protocol and port matching.

Inbound versus outbound ACL placement.

Why learners struggle

Why Application Rules, ACL and Notifications questions are commonly missed

ACL questions are missed when learners apply the wrong direction, overlook the implicit deny, or confuse standard ACL source-only matching with extended ACL protocol and destination matching. A single out-of-order rule or wrong interface direction makes an otherwise correct ACL fail.

  • Top-down first-match processing — rule order matters; the first match ends evaluation
  • Implicit deny — all traffic not explicitly permitted is denied at the end of every ACL
  • Standard ACLs match source address only — destination, protocol, and port are not considered
  • Extended ACLs match source, destination, protocol, and port — giving finer control
  • Inbound vs outbound — applying the ACL in the wrong direction blocks the wrong traffic
  • Standard ACLs placed near the destination to avoid blocking other traffic unnecessarily

Watch out for

Common Application Rules, ACL and Notifications exam traps

  • ACLs are processed from top to bottom; the first match wins.
  • There is an implicit deny at the end of most ACLs.
  • Standard ACLs match source only, while extended ACLs can match protocol, source, destination and ports.
  • Applying an ACL in the wrong direction can make a correct ACL look broken.

Practice set

Application Rules, ACL and Notifications questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A company has a custom table 'u_employee_data' with a before query business rule that sets 'u_department' to 'Engineering' when the current user is in the 'ITIL' role. After the business rule is activated, users in the 'ITIL' role report that when they query the table, they see only records with department 'Engineering'. However, the business rule is intended to set the default department for new records only. What is the most likely cause?

Question 2 · hard · multiple choice

An administrator creates a new ACL for the 'incident' table with type 'record', operation 'read', condition script 'current.assignment_group == gs.getUser().getMyGroups()', and requires role 'snc_internal'. A user with role 'snc_internal' who is a member of group 'Service Desk' can view incidents assigned to 'Service Desk' but cannot view incidents assigned to 'Network Support'. What is the most likely reason?

Question 3 · easy · multi select

An administrator wants to send an email notification when a change request state changes to 'scheduled'. The notification should be sent to the change manager. Which two fields must be configured in the notification record?

Question 4 · hard · multiple choice

A junior administrator configures the above business rule and ACL. When a user without any role opens an incident with category 'database' and state 1, the priority is set to 1 correctly. However, the user cannot view the incident record. What is the most likely reason?

Exhibit

Refer to the exhibit.

```
Business Rule: "Set Priority"
Table: [incident]
When: before
Order: 100
Condition: current.category == 'database'
Script:
(function executeRule(current, previous /*null when async*/) {
    if (current.state == 1) {
        current.priority = 1;
    }
})(current, previous);
```

```
ACL: "Incident Read"
Type: record
Operation: read
Name: incident.*
Role: (empty)
Condition: current.assignment_group == 'a1b2c3d4e5f6g7h8i9j0k1l2'
Script: (empty)
Requires role: true
```

Question 5 · medium · multi select

Which TWO conditions must be met for a business rule to execute on a table? (Choose TWO.)

Question 6 · hard · multi select

Which THREE statements about Access Control Lists (ACLs) are true? (Choose THREE.)

Question 7 · easy · multiple choice

An administrator creates a notification for the 'incident' table to send an email when the state changes to 'resolved'. The notification works for most users, but some users report not receiving the email. What is the most likely cause?

Question 8 · hard · multiple choice

A company wants to block all update operations on the 'problem' table for users with only the 'itil' role, except for the user who created the record. Which ACL configuration should be used?

Question 9 · medium · multiple choice

A business rule is set to run on 'before update' on the 'incident' table. The script updates 'current.description' and then calls 'current.update()'. What is the likely outcome?

Question 10 · easy · multiple choice

Based on the exhibit, who will receive the email notification?

Exhibit

Refer to the exhibit.

```
Notification: "Incident Created"
Table: incident
When to send: 
  - Condition: State changes to 'new'
Who will receive: 
  - Recipients: Assigned user
  - Also send to: Caller
Email template: (none)
```

A user creates an incident via self-service portal. The incident state is set to 'new'. The assigned user is empty. The caller is the user. The notification is active.

Question 11 · easy · multi select

A notification should be sent to the change manager when a change request is submitted. Which TWO fields must be configured? (Choose TWO.)

Question 12 · hard · multiple choice

You are a ServiceNow administrator for a large enterprise. The company has a custom application that uses a table 'u_asset_tracking' to track IT assets. The table has a before insert business rule that sets the 'u_assigned_to' field to the current user if the field is empty. Recently, the security team reported that some users are able to view asset records that they should not see. After investigation, you find that the 'u_asset_tracking' table has no ACLs defined, and the default table ACL allows read access to all authenticated users. The business rule is working correctly. You need to restrict read access so that users can only see records where 'u_assigned_to' is themselves or where they are in the same 'u_department' as the record's 'u_department'. You must ensure that the solution does not affect other tables. Which approach should you take?

Question 13 · hard · multiple choice

A system administrator needs to allow users with the 'incident_manager' role to delete incidents only if the incident state is 'New' or 'Work in Progress'. They create an ACL with the following conditions: type='record', operation='delete', name='incident', condition: gs.hasRole('incident_manager') && current.state == 1 || current.state == 2. After testing, users with the role can delete incidents in any state. What is the most likely cause?

Question 14 · medium · multi select

Which THREE of the following are true regarding business rules and their execution order?

Question 15 · easy · multiple choice

A ServiceNow administrator is troubleshooting a notification issue. The company has a 'Customer Satisfaction Survey' notification that is supposed to send an email to the 'caller' of an incident when the incident state changes to 'Resolved' (state=6). The notification is configured with table 'incident', condition 'state changes to 6', and recipient 'caller'. However, the email is not being sent. The administrator checks the system log and finds no errors. The notification has an advanced script that checks if the 'caller' has a valid email address. The script is: if (current.caller_id.email == '') { return false; }. The administrator confirms that the caller's email field is populated. What is the most likely reason the notification is not sending?

Question 16 · medium · drag order

Drag and drop the steps to configure an inbound email action in ServiceNow into the correct order.

Question 17 · medium · matching

Match each ServiceNow module to its function.


Restore normal service operation as quickly as possible

Control the lifecycle of all changes to the IT environment

Identify and manage root causes of incidents

Provide a menu of services for users to request

Capture and share knowledge articles

Question 18 · easy · multiple choice

A system administrator needs to prevent users from deleting any records in the 'incident' table. Which method will achieve this most effectively?

Question 19 · easy · multiple choice

A business rule is configured to run 'before' a record is updated. If the business rule sets a field value and then a subsequent 'after' business rule also updates the same field, what will be the final value stored in the database?

Question 20 · medium · multiple choice

A notification is not sending emails to the intended recipients. The notification's 'Who will receive' tab is set to 'Event creator' and the event is triggered by a business rule. However, the email recipient list is empty. What is the most likely cause?

Frequently asked questions

What does the SNOW-CSA exam test about Application Rules, ACL and Notifications?

ACL questions usually test top-down rule processing, source and destination matching, protocol or port logic, and where the ACL should be applied.

How should I use these practice questions?

Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Application Rules, ACL and Notifications questions in a focused session?

Yes — the session launcher on this page draws every question from the Application Rules, ACL and Notifications domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other SNOW-CSA topics?

Use the topic links above to move to related areas, or go back to the SNOW-CSA question bank to see all topics.

Are these real exam questions or dumps?

These are original practice questions written to test the same concepts the SNOW-CSA exam covers. They are not copied from any real exam or dump site.