Text preview & study summary
ServiceNow CIS-CSA - Certified System Administrator
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
An administrator needs to open profile options, personal preferences, and impersonation from the banner area in a classic interface.
What menu should they use?
Explanation
User menu is correct because profile options, preferences, and impersonation are typically exposed from the banner user menu in classic interface patterns.
Application Navigator user record module is incorrect because the navigator opens application modules. It is not the banner menu used for personal profile and impersonation controls.
Related Links formatter appears on forms and exposes record-related actions or links. It is not the global user menu.
Schema map shows table structure and relationships. It does not provide profile, preference, or impersonation actions.
Question 2
A release lead is training a new developer on Update Set hygiene. Match each **update set concept** to the correct practice:
Explanation
Update Set capture scope → Tracks configuration metadata, not business row backups: Update Sets move tracked configuration, not normal transaction data.
Update Set capture scope paired with Close baseline mixes capture behavior with lifecycle state.
Complete state → Close baseline; start a new set for additional tracked work: Completing a set signals that it is ready for promotion and should not keep collecting unrelated changes.
Complete state paired with Avoid—risks drift is related but points to reopening behavior rather than the purpose of completion.
Default update set → Captures new changes for the administrator’s active context: The default set receives newly tracked configuration changes.
Default update set paired with Tracks configuration metadata describes Update Sets generally, not the special meaning of default.
Reopen completed set after migration → Avoid—risks drift with downstream environments: Reopening a migrated baseline makes it harder to know what changed where.
Reopen completed set paired with Captures new changes describes what could happen, but it is not the recommended practice.
Question 3
A team wants board cards to stay connected to real task records returned by a filtered list. Moving or updating a card should reflect work on the underlying task rather than behave like a free sticky note.
What board type fits?
Explanation
Flexible board sourced from a list/filter is correct because the team wants cards tied to real task records returned by a filtered list.
Freeform manual board is incorrect because freeform boards behave more like manually managed cards or sticky notes, which is the behavior the team does not want.
Guided board using task cards from a configured process is a real board type, but the scenario specifically points to a filtered list as the source.
List report grouped by state may visualize records, but it is a report, not a Visual Task Board type.
Question 4
A service owner is comparing common self-service capabilities. Match each component to its primary role:
Explanation
Knowledge article → Publishes governed answers for search and deflection is correct. Knowledge is content that helps users solve or understand issues without always opening a new request.
Catalog item → Captures standardized service requests with workflow is correct because catalog items collect variables and start fulfillment.
Virtual Agent topic → Guided conversational automation in portals is correct because topics guide users through conversational paths and actions.
Workflow Studio flow → Orchestrates approvals and tasks behind catalog or cases is correct. The flow is the behind-the-scenes automation, not the catalog item or article itself. These pieces often connect, but they do not do the same job.
Question 5
Security monitoring needs to detect repeated failed login attempts against many accounts over a short period. The team wants an alert that identifies possible brute-force or spray behavior.
Which monitoring alert fits?
Explanation
Thresholded failed-authentication spikes is correct because brute-force and spray detection depends on repeated failure patterns by account, source, and time window.
Successful password reset events may be worth monitoring, but they do not directly indicate a brute-force pattern.
Role assignment changes on sys_user_has_role are important for access governance, not login attack detection.
SSO metadata certificate expiration can break authentication, but it is not a brute-force alert.
