Questions for the CSA were updated on: Dec 12, 2025
What encryption feature is included in ServiceNow by default?
Answer: B
Explanation:
By default, ServiceNow encrypts data in transit using industry-standard Transport Layer Security (TLS)
protocols. This ensures that any data transmitted between the client and the ServiceNow platform,
or between ServiceNow and integrated systems, is encrypted and protected from interception or
tampering.
While ServiceNow also offers options for data at rest encryption and customer-managed encryption
keys, these features often require additional configuration or subscription services. Encryption of
data in use (while data is being processed in memory) is a more advanced concept and not provided
by default.
Thus, encryption of data in transit is the baseline encryption feature included automatically in all
ServiceNow instances.
Reference:
ServiceNow Security Operations Documentation, Encryption section
ServiceNow Trust and Compliance Documentation
ServiceNow System Administrator Study Guide, Security Chapter
ServiceNow Docs: Security and Encryption
An Administrator wants to display a reminder message to any user submitting an incident. Which
feature does this?
Answer: A
Explanation:
To display reminder messages or alerts to users as they interact with forms in ServiceNow, Client
Scripts are used. Specifically, an onSubmit Client Script can be configured to display a message or
perform validation just before the form is submitted by the user. This script runs on the client
(browser) and can prevent submission or prompt the user with informational messages.
Business Rules execute on the server and cannot directly interact with the user interface in real time.
Policies and Data Policies enforce data consistency but do not provide user messages or reminders
during form submission.
Therefore, the Client Script is the correct mechanism to display a reminder message dynamically as
the incident is submitted.
Reference:
ServiceNow System Administrator Study Guide, Client Scripts section
ServiceNow Docs: Client Scripts - onSubmit
ServiceNow Docs: Data Policy Overview
Which components are the responsibility according to the Shared Responsibility Model?
Choose 2 answers
Answer: B, D
Explanation:
The Shared Responsibility Model in ServiceNow clearly delineates responsibilities between the cloud
service provider (ServiceNow) and the customer. ServiceNow manages the infrastructure, including
the physical data centers, networking, hardware, and media disposal and destruction, ensuring
proper security of the underlying platform. Hence, Media disposal and destruction and Infrastructure
management fall under the provider’s responsibility.
The customer is responsible for their data, including backup and restore, access management
(authentication and authorization), and encryption configuration on their data. While ServiceNow
provides encryption capabilities, the customer must configure and manage encryption keys and
access controls.
This model is critical for maintaining security and compliance in cloud environments and is explicitly
detailed in ServiceNow’s official documentation and cloud security best practices.
Reference:
ServiceNow Trust and Security Documentation, Shared Responsibility Model section
ServiceNow System Administrator Study Guide, Cloud Security Chapter
ServiceNow Docs: Shared Responsibility Model
Which statement correctly describes the differences between a Client Script and a Business Rule?
Answer: C
Explanation:
The fundamental difference between a Client Script and a Business Rule in ServiceNow lies in where
they execute and when. A Client Script runs on the client side — that is, in the user's browser — and
is primarily used to control UI behavior, validate data before submission, and enhance user
interaction with forms. Client Scripts can run at different stages (onLoad, onChange, onSubmit), but
they always execute within the browser environment.
A Business Rule, on the other hand, runs on the server side and executes when records are inserted,
updated, deleted, or queried in the database. Business Rules are used for enforcing data integrity,
automating server-side logic, and integrating with other systems. They can be set to run before or
after a database action (before insert, after update, etc.).
Therefore, the correct statement is that Client Scripts execute on the client and Business Rules
execute on the server.
Reference:
ServiceNow System Administrator Study Guide, Client Scripts and Business Rules chapter
ServiceNow Docs: Client Scripts
ServiceNow Docs: Business Rules
An Administrator wants to review all the users having privileged access to identify users that no
longer need this level of access. Which Security Center feature can help fulfill this requirement?
Answer: D
Explanation:
The Customer Actions feature in the Security Center allows administrators to take targeted actions
such as reviewing privileged user access and managing accounts that might pose a risk. It is
specifically designed to enable organizations to identify and remediate risks associated with user
privileges, such as excessive access rights or orphaned privileged accounts. This feature aggregates
risk data and prompts action items, allowing administrators to review, approve, or revoke privileged
access based on current organizational policies.
While Security Hardening focuses on platform configurations and the Security Posture Console
provides an overview of security metrics and trends, Customer Actions is the practical tool for
directly managing and reviewing privileged access to ensure least privilege principles are enforced.
Reference:
ServiceNow Security Operations Product Documentation, Security Center > Customer Actions
ServiceNow System Administrator Study Guide, Security Operations Chapter
ServiceNow Docs: Customer Actions
Which Security Center feature helps resolve platform-related security issues and misconfigurations?
Answer: C
Explanation:
The Security Hardening feature in the ServiceNow Security Operations Security Center is specifically
designed to help identify, resolve, and mitigate platform-related security issues and
misconfigurations. Security hardening provides prescriptive guidance on improving your platform’s
security posture by addressing vulnerabilities and ensuring compliance with security best practices. It
includes automated checks and recommendations related to system configurations, access controls,
and other settings that, if left unchecked, could expose the system to threats.
The Security Center’s Security Hardening dashboard aggregates these findings and allows
administrators to track remediation progress effectively. Unlike the Security Scanner, which focuses
more on vulnerability scanning of integrated systems, or Customer Actions, which involves manual
customer intervention for specific issues, Security Hardening is the proactive tool ServiceNow
provides to manage platform security risks internally.
Reference:
ServiceNow System Administrator Study Guide, Security Operations Chapter
ServiceNow Product Documentation, Security Operations > Security Center > Security Hardening
ServiceNow Docs: Security Hardening
Which one of the following is true for a table with the "Allow configuration" Application Access
option selected?
Answer: A
Which of the following methods prints a message on a blue background to the top of the current
form by default?
Answer: B
When evaluating Access Controls, ServiceNow searches and evaluates:
Answer: B
Which one of the following is true for a Script Include with a Protection Policy value of Protected?
Answer: C
Which objects can you use in a Scheduled Script Execution (Scheduled Job) script?
Answer: B
Which are reasons an application could be developed on the ServiceNow platform?
Choose 3 answers
Answer: A, C, D
Which one of the following is the fastest way to create and configure a Record Producer?
Answer: B
In a privately-scoped application, which methods are used for logging messages in server-side
scripts?
Choose 2 answers
Answer: C, D
What is the GlideForm Client-side scripting object?
Answer: D