Andrew Bowers Implementation Cert Quizlet Flashcards

1
Q

what does S.O.A.P. stand for?

A

Simple Object Access Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the four parts of SOAP message transformation

A
  1. Endpoint
  2. Action
  3. Headers/Attributes
  4. Envelope

Action, endpoint, and envelope are all populated automatically based on the Web Service Descriptive Language (WSDL) definition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a SOAP Endpoint

A

This is the URL or Address where the SOAP request is delivered. It must be able to reach that endpoint over the network in order for the communication to succeed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a SOAP Action

A

String that is often optional with the SOAP web service. However, some services do require this to be set. The string is often descriptive of what action should be performed by the web services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

SOAP Headers/Attributes

A

Found within the HTTP request. They contain information regarding the protocol being used as well as other custom information such as session IDs, authentication token, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

SOAP Envelope definition

A

Actual document that describes the details of the SOAP request. This is written in XML format. Has a header and a body similar to an HTML webpage. Header and body details are dictated by the web service and explained in a corresponding WSDL document

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

SOAP Envelope Elements

A
  1. Main document
  2. Header (optional)
  3. Body
  4. Fault Element (Optional)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

SOAP Envelope Header

A

Often contains processing instructions for the envelope, but it is not used in all web services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

SOAP Envelope Body

A

Main part of the envelope, required for SOAP requests. Contains the actual message or request that is to be delivered to the web service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

SOAP Envelope Fault Element

A

Often present if there was an error processing the web service request. The web service is responsible for populating this element with descriptive information to help the consumer understand what went wrong, and/or what to do next.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

SOAP WSDL

A

Another XML document that is used in the SOAP protocol. It is a catalog of available functions provided by the web service. A SOAP web service consuming client information should be able to read this and generate a template of each of the available service requests provided by the web service.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the 3 Main steps in SOAP communication flow

A
  1. Client generates an XML envelope document and sends it to the service as a SOAP request.
  2. Server receives the SOAP request and processes that request in the manner in which it was coded.
  3. Server sends a SOAP response back to the client with an answer or response to the request that was submitted.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How to generate a sample SOAP Message

A

UI action “Generate sample SOAP Message” - will generate templates for all of the available services provided by that SOAP web service.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How does a SOAP Message UI connect to a Web Service

A

It can either specify a URL to a WSDL document or paste the WSDL document contents directly into the tool

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

SOAP Message Function UI

A
  • You can open a function record to view details on the template for the request
  • Check the Lock field to ensure that future regenerations of SOAP functions do not overwrite the changes that you make to the current template
  • SN Supports the use of basic authentication, WS-security with outbound SOAP requests.
    • Customize SOAP action or endpoint manually by changing the text. May need to click the lock button to change the endpoint URL
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Where do you create test values for SOAP message variables

A

SOAP Message Function UI - OPEN message parameters section

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the most common ways to call SOAP Messages through script?

A

Server-side scripts including:

  • Business Rules
  • Script Includes
  • Workflows
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the SOAPMessage Library

A

Application Program Interface (API) Around SN Graphical User Interface for Soap Messages (SOAP Message UI) Can be used to set point values, set variables, submit request, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which Script includes from the Script Includes library support users who are sending out SOAP requests

A

1) SOAPMessage - supports the SOAP Message UI
2) SOAPEnvelope - Used behind the curtain by SOAP Message UI, can be leveraged directly by an admin to create custom messages, bypassing the UI
3) SOAPRequest - Same as above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

XPATH

A

Standard mechanism used to parse XML documents

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

XPATH Character - /

A

Most basic and primary element. Level separator similar to Linus/UNIX paths on a file system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

XPATH Character - //

A

Denotes a relative path, rather than a strict path

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

XPATH Character - *

A

Wildcard character in a string

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How do you use XPATH to get values out of an XML document?

A

Script include - XMLDocument

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What is the most common operation performed by an XML Document Script include
getNodeText - takes an XPATH string in and attempts to parse the XML document with the XPATH to find the element you are looking for and returns the content of that element node
26
XML Helper
- Includes a number of functions. - Allows you to access parts of the XML document as if the various elements were member variables to an object. Each level down the XML document is represented by member variables that are new objects themselves. - Most commonly used function will take XML string and convert it to a JavaScript object.
27
REST
- REpresentational State Transfer - Lightweight alternative to SOAP - Very Loose Specification - Better suited to scale & performance - Most modern web applications are REST
28
ServiceNow REST functionality allows you to:
Retrieve, Create, Update, or Delete data on a web server
29
HTTP Methods supported by REST
* Get * Post * Put * Delete
30
REST Request and Response Elements
* Request URL: specifies the address of the resource plus the HTTP verb * Query Parameters: optional and appended to the URL path of the request * HTTP Headers : required component of the message and contain metadata for the transaction (encoding, date, authorization, etc.) * Content or Body: optional, contains data to be transmitted
31
Rest Message UI
* Similar to SOAP Message Tool * Requires an Endpoint * Generates the four HTTP Methods as Functions * Endpoint can use variables - ${varName}
32
Describe the following REST Function Option: Variables
* Can be used in various parts: * Endpoint URL * Header names or values * Function parameter definition names or values * Content
33
Describe the following REST Function Option: Connectivity Options
* Authentication * MID Server
34
Describe the following REST Function Option: Access to HTTP Request Components
* Headers * Parameters * Content (POST, PUT only)
35
Describe the following REST Function Option: Set Variable values
String v. XML
36
What are the REST Function Options
* Variables * Connectivity * Access to HTTP Request components * Set Variable Values * Test the request * Preview script usage
37
Stages of StartNow implementation methodology
1. Plan 2. Discover 3. Prepare 4. Deploy 5. Operate 6. Transform
38
What type of VPN does ServiceNow support?
Site-to-Site between data center and customer data center
39
What is VPN typically used for?
* Securing (encrypting) connections which originate at ServiceNow and destined for the customer's network * Access to customer's LDAP server * JDBC access/integration with a customer's database
40
How many VPN tunnels does ServiceNow support and why
Minimum of 2, maximum of 4. Not supported to serve multiple geographic regions or disparate networks within client organiztion
41
How do you request VPN?
Through HI. Typically takes 2 weeks
42
VPN for LDAP
Recommended that customers implement LDAPS (LDAP over SSL) v. standard LDAP (non-encrypted). Standard LDAP integration communicates over TCP on port 389. LDAPS communicates over TCP on 636 and requires a digital certificate which must be uploaded to the instance. VPN to be used if LDAP instead of LDAPS
43
VPN for JDBC & Web Services
Recommended to install Mid Server inside network, Mid server will communicate with instance over HTTPS
44
VPN for email integration
Not supported if ServiceNow is configured to utilize mail.service-now.com for SMTP and POP3, utilizes opportunistic TLS. If incoming server supports TLS, traffic is envrypted. If not, uses regular SMTP without encryption. Supported if customer's mail server is being used
45
DIT
Data is represented in an LDAP enabled directory as a hierarchy of objects, each of which is called an entry. Resulting tree structure is called a Data Information Tree (DIT)
46
DN (LDAP)
Distinguished name - fully qualified path in an LDAP tree
47
RDN (LDAP)
Each unique data attribute that is part of a Distinguished name is called a Relative Distinguished Name (RDN)
48
What are the requirements for LDAP Server Configuration in the Graphical User Interface (GUI)
* Name * Server URL * Login distinguished name * Login password * Starting search directory * Organizational Unit (OU) Definition
49
LDAP Organizational Unit (OU) Definition
Define directories that are the source for the imported data. Can contain locations, people, or user groups
50
Types of LDAP Communication channels
* Mid Server (can be used to import data but not for authentication) * Standard LDAP - communicates over TCP, does not require a certificate * SSL-encrypted (LDAPS), requires x.509 certificate * VPN, communicates over IPSEC tunnel
51
Testing LDAP Connection
* Manually through UI action * Automatically - SN tests every 15 minutes by default
52
Company Settings
* System Properties - My Company * Can Modify * Banner Text * Primary (T/F) * Banner Image (upload) * Further modifications made in glide.product.\_\_\_ properties
53
Where is Login Page Configuration adjusted
System UI \> Welcome Page Content
54
Where are System Schedules found
System Scheduler \> Schedules
55
Where are homepage configurations made
* Homepage Admin \> Pages * Has Read/Write roles * Can edit by clicking Edit UI Action
56
Levels of Contextual Security
several layers before an end user has the capability to perform CRUD (create, read, update, delete) operations on a table 1. User Authentication/Login 2. User Interface 3. Database
57
What does the User Authentication/Login security level govern
* Users * Groups * Roles
58
User Interface security level
Governs Applications and Modules and is governed by roles configured at application and module level
59
Database Security Level
* Governs table and field access * controlled via globally defined system properties as well as table and field level Access Controls * If a row level rule and a field level rule are in conflict, both must be true before an operation is allowed
60
Features of Contextual Security
* Protects a record based on its contents and table location * Data is acted upon based on the position of the information in the table hierarchy * Defnes Access Control rules to any level in the object hierarchy * Uses roles to implement Access Controls and assign permissions, for example, read, write, and create
61
What is an access control
Security rule defined and set at the row-level (access to the record) and at the column-level (access to the field) and is executed when attempting to access any servicenow table. Specifies and is named for the object(s) being secured
62
What is an ACL
Access control list, list of all the Access Controls for a table
63
Three ways Access Controls are defined
* Roles (if more than one, must have at least one) * Conditional Expressions (evaluates to true or allow if condition is met) * Scripts (setting answer to allow or deny)
64
Access Control Wildcard Rule
Selection of the wildcard symbol from the name drop down list on the access control form means that the rule in question applies to all fields on the selected table except for those with explicit rules
65
ACL Evaluation order
* Most specific to least * Starts at field, then goes to table
66
Field ACL rule evaluation order
Find first matching: 1) table.field (incident.number) 2) parent\_table.field (task.number) 3) .field (.number) 4) table. (incident.) 5) parent\_table. (task.) 6) . (.)
67
Table ACL rule evaluation order
If no field ACL match was found or if a Match was found and the ACL evaluated to Pass the table must be evaluated: 1. Match the table name. For example, incident 2. Match the parent table name. For example, task 3. Match any table name (wildcard). For example, \*. If No matches above are found or if a Match is found and the ACL evaluated to Pass User access to the record object is granted.
68
Three main security modules:
1. System Properties \> Security - can set default behavior for no ACLs 2. System Security \> Access Control - manages ACLs 3. System Security \> High Security Settings - set tighter security options
69
Evaluation order of ACL elements
1. role 2. condition 3. script
70
Elements of the ServiceNow Application Security Model
* Contextual Security (ACLs, etc.) * IP Address Access Controls (System Security \> IP Address Access Control) - allow or deny certain IP ranges * Encryption
71
Keys to Success with security
* Risk-based & Data-centric * know what you are storing * consult with security to understand requirements * Secure 1st, develop 2nd * configure security settings up front * apply ACLs at the beginning of development * documented approach * checklist at key phases * starting points * remove demo data * upgrade to latest version * identify plugins such as high security
72
Name of plugin that supports field encryption
Encryption Support
73
How do users get encryption contexts
Admin creates the context, assigns it to a role
74
Which operations can be secured through ACLs
* CRUD * Execute * Edit Task Relations * Edit CI Relations * Save as Template * Add to List * List Edit * Report on * Personalize choices
75
What do Access Control Rules Apply to?
* Records * UI Pages * Processors * Client Callable Script Includes
76
How many ACLs come OOtB
Over 4,500. Add all plugins, \>6,000
77
ACL Script Evaluation, built in GlideRecord methods
* canRead() * canWrite() * canCreate() * canDelete()
78
Predefined ACLs by role
* End Users * Submit records in some applications (create) * Read and update their own records in those applications * Fulfillers * general read and write access for applications they have a role for * task assignment * application/process administrators * delete records * change state to closed
79
How are ACL rules matched?
* From most specific to least specific * processing orders define matching criteria * For record rules a table and field rule will be searched for * both are evaluated * First rule to match for both is evaluated for each processing level (if parent\_table.field matches, it won't go to next level for field)
80
What happens if there are multiple ACL rules at the same processing level?
any passed rule will allow access
81
What happens if a user fails a table ACL rule
* User is denied access to all fields in the table even if the user previously passed a field ACL rule * list of table will show security constraint message
82
What happens if a user fails a field ACL rule but passes a table ACL rule
User is denied access to the field
83
What happens when a table write rule fails
All fields will be read-only unless there is not a more specific field rule
84
What happens when a table create rule fails
user will not have the "new" button
85
What happens when a field write rule fails
field will be read-only
86
Security debug
System Security \> Debug Security Rules Session Specific
87
Creating an Encryption context
* Define: * Name * Encryption Key (if left blank, SN will auto-gnerate). SN can't retrieve user-defined keys
88
Creating an encrypted field
Add a new field with Type: Encrypted Text
89
Encryption context selector
For users with multiple encryption contexts System UI \> UI Macros \> encryption\_select. Shows under gear. Only shows for users with multiple contexts
90
What happens to encrypted fields if a user has no encryption contexts
Form hides the encrypted field
91
What happens when a user has one encryption context and there is no data in an encrypted field
form displays encrypted field. When a user enters data in the field, the field automatically uses the currently selected encryption context to encrypt the field
92
What happens when a user has one encryption context and there is data in an encrypted field
If the user has the matching context, the form displays the field
93
If a user has multiple encryption contexts and there is no data in an encrpyted field
form displays the field and when the user enters data, field is encrypted using currently selected context
94
User has multiple encryption contexts and there is data in the field
User will have access to the field if they have the matching context. Encrypted field always uses the original encryption context to encrypt changes to the field. Prevents users with multiple contexts from changing field context
95
Encrypting attachments
Users with \>=1 encryption contexts will get Encrypt File checkbox. If they have \>1, they are asked to confirm the context
96
How to identify which encryption context a field or attachment is using
Hover over the encryption (lock) icon and it will display
97
Encrypting passwords in System Properties
the Encrypt SysProperty Password business rule automagically encrypts value of any system property with the type password or password2. Instance only decrypts password in memory and never saves a clear-text version. Business rule runs when you add a new value or update an existing one
98
Script editor color coding
* Green - Comments * Purple - Javascript commands * Blue - strings, reserved words
99
Default Script Macros
* macro name followed by tab * For (for loop) * Doc (multiline comment) * Help (list of macros and their shortcuts)
100
Creating a script macro
System Definition \> Syntax Editor Macros
101
What is a client script
* Execute in browser * manage forms and fields in real-time
102
Baseline Client Scripts
* ~330 * not all are active * samples included as starting points
103
Client Script Form Breakdown
* Top section defines when * Bottom section (script box) defines what * Description is self-explanatory * Message is used to internationalizing output to user * If an alert of "Hello World" is presented to user, "Hello World" would show up in messages line. If an entry in sys\_ui\_message table matches key but in a different language, that is presented to users in that region
104
Client Script Global v. Not
IF global is checked, applies to all views, if not, must specify a view (ESS, Default, Advanced, etc.)
105
Client Script Inheritance
If true, execute script for forms from any extended tables
106
Client Script Types
onChange onLoad onSubmit onCellEdit
107
onLoad client script
Runs when form meeting trigger condition loads and before control is given to the user
108
onSubmit client script
* Runs when form meeting trigger condition is saved, updated or submitted * Typically handles field validation - can prevent from submitting if you return false
109
onChange Client Script
* Runs when a particular field's value on a form changes * 5 parameters: * control - name of field whose value changed * oldValue - is set when the form loads. No matter how many times it changes, will remain original value when form loaded * newValue * isLoading - whether change is occuring as part of a form load * isTemplate - whether occured due to a template
110
onCellEdit Client Script
* Runs when a field value on a list changes * Can be applied to multiple records * automatically passed 5 parameters: * sysIDs - of the edited items * table * oldValues * newValues * callback - continue execution of any other related cell edit scripts - if true, then others are executed or change is commited if there are no more. If false, furthers aren't executed and change is not committed
111
What data can be used in a client script?
* Local variables defined in the script * Client Script Global Variables * g\_form - object whose properties are methods used to manage form fields * g\_user -object whose properties contain session information about the current user and their role(s) * g\_scratchpad - global object passed to a client script from a server side script called a Display Business Rule - properties and values determined by the server side script
112
g\_form object
Object whose methods are used to manage from fields andtheir values Methods require use of field names and not labels
113
g\_form object methods
* 6 categories * Display settings: flash() * Field Information: getValue() * Change Field: setValue() * Change Choice list: addOption() * Form Information: isNewRecord() * Form Action: addInfoMessage()
114
g\_form.getValue()
* always returns a string * syntax: var X = g\_form.getValue('field\_name') * If used with a choice list, returns value ('7' rather than 'Rejected') * If used with a reference field, returns the sys\_id
115
g\_user Object Properties
Do NOT use to apply security - easily deflated using developer tools built into browsers
116
Client side scripts on Reference Objects
* client side scripts only have access to data on forms, information about the reference object is not available * Should use asynchronous - g\_form.getReference('field\_name', field) * Function (field) { * field.attribute
117
Best practices for Client Side Scripting
* use g\_form methods to manage form and fields * use g\_user to access about current session user * make as few calls to the server as possible * do not make synchronous calls using g\_form.getReference() * use jslog to debug as it doesn't affect other users * use try/catch to find runtime errors * use appropriate debug strategies for UI type (mobile, desktop, etc.)
118
Client Scripts v. UI policies
* Faster load times with UI policies. Always use these if possible * Execute on Form Load - Both * Execute on form save/submit/update - Client Scripts * Execute on form value change - Both * Can access a field's prior value - Client Script * Execute on list field value changes - Client Script * Control the order of execution - UI poilcy * Execute after client scripts - UI policy * require scripting - client script
119
baseline UI policies
~600
120
UI policy scripting
Can write scripts to execute if true or if false (separate boxes)
121
onLoad UI policy
Can check or uncheck to determine if it should run when the form is loaded
122
What data can be used in a UI policy script
locally declared variables g\_form g\_user g\_scratchpad
123
UI Policy Best Practices
* Set onLoad to false if you don't need it to execute on page load * Use as few UI policies as possible to avoid long page load times * Write conditions in condition builder wherever possible to avoid unnecessary scripting * Always populate the Short Description field
124
What is a business rule?
* Javascript that runs when a record is: * inserted * updated * deleted * queried * Execute on Server * fast * do not monitor form fields * Respond to all record accesses regardless of method (form, list, web service)
125
Baseline Business Rules
* ~900 * best to create a copy and deactivate original when modifying OOtB business rules as modifications are exempt from upgrades
126
Business Rule Role conditions
specifies the roles that the user modifying the record must have in order for the business rule to run
127
After business rules
* execute after form submission and after the record updates in the database * execute synchronously - current business rule must finish execution before next business rule runs * ex: cascade REQ approvals to child RITMs
128
Before Business Rule
* After form submission, before record updates in the database * execute synchronously - current business rule must finish execution before next one runs * ex: calculate priority based on Impact and Urgency
129
Before Query business rule
* before a query is done in the database * run synchronously - current business rule must finish execution before next one runs * baseline before queries that act like ACLs, preventing access
130
Async Business Rules
* Run when form loads * primary purpose is to populate the g\_scratchpad * runs after user requests form, before form is presented * Business Rule: g\_scratchpad.createdBy = current.sys\_created\_by; * Client Script: if(g\_scratchpad.createdBy == 'admin') {}
131
Business Rule Process Flow
1. User or System Query \> 2. Query Rules \> 3. Database Query \> 4. Display Rules \> 5. form submit \> 6. before rules \> 7. database update \> 8. async rules
132
What data can be used in business rules?
* Local Variables in script * business rule global objects: * previous * current * g\_scratchpad (display business rule only) * higher numbered business rules inherit variables and their values from lower numbered business rules unless variable scope is limited by a function
133
Business Rule Global Objects
* previous - stores records fields and values before any changes were made in the DB * current - current record fields/values in DB
134
Business Rule Best Practices
* Use async whenever possible * use display to pass data from server to client side during form load * wrap code in functions to make variables local * Use condition builder rather than script whenever possible
135
Script Include
* Store JavaScript for execution on the server * Reusable * Must be called to run * can extend classes or create functions * only loaded on request * can be client callable
136
Global Business Rules v. Script Includes
* Both allow creation of reusable javascript * GBRs can impact performance unless contents are wrapped in functions * GBRs load on every interaction between a user and the platform * Script includes only load on demand and do not impact performance
137
Script Include Baseline
~528 ~Do NOT modify behavior of baseline Script includes
138
Client Callable Script includes
* Yes/No field in Script Include Definition * if yes, client side scripts can access
139
Script Include Script
* Runs Server Side * No Default Objects * Data passed in from calling script
140
Classless Script Include
For use on server side only (not client-callable) Name must be same as the function name Sometimes called On Demand Functions Usually called from Business Rules
141
Import Sets - Import Sources
* Files * Excel * XML * CSV * Network * HTTP * FTP * JDBC
142
System Import Sets Modules
* Load Data * Create Transform Map * Run Transform
143
Import Set - Foreign Record Insert
Occurs when an import makes a change to a table that is not the target table for the import. Happens when updating a reference field on a table, ex. when updating the value for caller on an incident the import is actually updating the sys\_user table
144
Components of perceived ServiceNow performance
* Application Server Response * Network Latency and Througput * Browser Rendering and Parsing * Instance Cache
145
Application Server Response
time for the application server to process a request and render the resultant page
146
network latency and throughput
time for the network to pass your request to the server and the response back
147
browser rendering and parsing
time for your browser to render the HTML and parse/execute javascript
148
instance cache
amount of system resources available for processing
149
Two methods of troubleshooting network response times
* ping * traceroute
150
Normal Ping time
\>100ms for US, \>150ms for Europe or Asia. Anything over 250ms is cause for concern
151
Two key browser settings
* Enabling compression * caching items from HTTPS
152
Actions that cause a purge and rebuild of system cache
* Adding/updating system properties * adding/updating dictionary entries * committing update sets * adding or updating translations
153
types of requirements
* Functional * Technical
154
Functional requirements
What the system is expected to do, often used to create use cases. Do not include design choices * Define: * types of data that can be entered and by whom * workflows to be performed by the system * system reports or other outputs * regulatory requirements to be met
155
Technical Requirements
# Define specific tasks that must be performed to satisfy functional requirements * technical aspects of the system such as: * performance-related issues * scalability * manageability
156
Clarifying functional requirements
Ask questions such as: * what problem are we trying to solve? * what is the business driver behind this requirement? * can you help me understand what you are after? * what are the inputs? * what are the outputs? * are there use cases?
157
clarifying technical requirements
Ask questions: * is there already a technical solution to this requirement? * Is the solution scalable? * how does the solution affect various users? * Is the solution flexible? * Does the solution have license implications?
158
Input and output considerations in requirements gathering
create a test plan to test both valid and invalid inputs to ensure correct outputs
159
how many data center pairs does ServiceNow have?
8 - total of 16 centers
160
Two situations where the AHA process is invoked
* Service Disruption * Scheduled Maintenance
161
ServiceNow data center replication
All instances exist simultaneously in two datacenters through asynchronous data replicaiton. Current primary data center has read-write, secondary has read-only
162
How many steps in AHA process
8
163
Steps in AHA process
1. pre-flight checks to ensure all infrastructure and application configs are working 2. change DNS information for instance 3. stop all application nodes 4. reverse roles between read-write and read-only 5. change database pointer to read-write instance 6. start application nodes 7. post-flight checks 8. perform discovery to update CMDB
164
How many steps in StartNOW Methodology
6
165
Stages of StartNOW Methodology
* Plan: * Establish a project strategy and schedule for deployment * Discover: * determine requirements for success * Prepare: * Build base platform for deployment * Deploy: * Configure platform iteratively * Operate: * prepare for go-live and transition to operation * transform: * improve service continually
166
coarsest measure of network response time
ping
167
elements of a traceroute
* left column is step number * next three are latency estimates (performed three times to give an average) * fifth column is IP address of destination
168
inactivity monitors
run in the background to check inactivity and look for events to fire in the event of inactivity Large numbers of unanswered/unused inactivity monitors can degrade performance of event processing engine - degrades application server response times
169
Checking if an inactivity monitor is used
If no records are found in script actions or notifications, safe to disable inactivity monitor 1. System Policy \> SLA \> Inactivity Monitors (to find them) 2. System Policy \> Events \> Script Actions (to find event script actions) 3. Filter - Event name is .inactivity (to see if there are any events associated) 4. System Policy \> Email \> Notifications (to find obvious) 5. Similar filter
170
Application Server Performance Checks
* Response Times (transaction log) * Remove unused inactivity Monitors * Optimize queries to search efficiently * Adjust auto-complete wait time in increments of 50ms, not to exceed 750 * Check SLA trace level * Monitor process duration of scheduled jobs * Default Row Count * Go To Search Option * Auto-complete Search Option (starts with v. contains) * Table Rotation
171
AutoComplete feature for reference fields
* Uses Ajax to allow browser to request records matching a user's entry from the server * Has a specified wait time of 250 milliseconds * The fewer characters the user enters, the more the server must work to respond to the request
172
SLA Trace Level
* controls number of messages sent to system log * System Properties \> SLA * The lower the selection, the more messages are sent to the system log. Info setting (second to bottom) typically only used when debugging SLAs
173
Default row count
Anything \>100 is not recommended. don't modify default system user preference for rowcount, instead modify which options are available to users - glide.ui.per\_page controls
174
Go To Search Option
System property handles whether the search performs a Contains query (true) or a Greater Than query (false). REcommended to leave as default false
175
table rotation
* works by separate data sets into individual tables based on user-specified time parameters * Two options: * Table Rotation plugin - rotates among a small set of tbales and deleting and reusing old tables for new data (syslog and ecc\_queue) * table extension - creates new table and allows old tables to be archived and removed from the system (sys\_audit and sys\_email) * controlled by the Database Rotation plugin
176
What does the System Dictionary define
* For Fields: * -Data Type * -Character Limit * Default Value * Dependency * Other table attributes
177
What are the two ways to access the System Dictionary?
1) System Definition \> Dictionary 2) Right-click in list header, form header, or field label and select "Personalize Dictionary"
178
What does the Unique field in System Dictionary do?
Allows having unique values in the table's column selected in the dictionary definition of a field
179
What are Dictionary Overrides?
Provide the ability to override several attributes of a particular field in the extended or child tables
180
What attributes can be overwritten in a dictionary override?
* Reference Qualifier * Dependent * Attributes * Default Value * Calculation * Mandatory * Read-only * Display Value
181
What is a sys\_id?
32-character globally unique ID (GUID). Every new record has a sys\_id of -1. When inserted, valid sys\_id is provided
182
What type of business rule makes server-side objects accessible to client scripts?
on Display
183
What type of business rule should be used when calculating metrics and SLAs
async
184
What is the maximum recommended number of steps to dot.walk through?
3
185
What are the predefined global variables in Business Rules?
* current * previous * g\_scratchpad * system (or gs)
186
What is the Current variable and when is it used
Used in Business Rules (server-side scripting). Current record being referenced.
187
What is the Previous variable and when is it used
Used in Business Rules (server-side scripting). Record before any changes were made. Available on Update and Delete operations. Not available on async
188
What is the g\_scratchpad variable and when is it used
Used in business rules. Available in On Display business rules to pass server-side information to the client to be used for Client Scripts
189
what is the System variable and when is it used?
Used in business rules (also called gs). References GlideSystem functions
190
Record Producer Server-Side Scripting
* use current. to reference fields on the record being created. * use producer. to reference values entered by the end user * When variables have the same name as the fields in the target table, the record producer populates such fields automatically when inserting the record
191
what is the nil(object) function?
Queries an object and returns true of the object is null or contains an empty string
192
What are the global objects available to client scripts?
* g\_form - references currently active form * g\_user - references currently active user
193
What is the difference between a local and global variable in a Business Rule
Local variables are contained in functions, global variables are not
194
What is the implication of creating a global variable in a business rule?
If a new variable is declared in an order 100 Business Rule, any Business Rules that follow also have access to that variable
195
What are the four methods of fetching server-side data in a client script and which are recommended?
* g\_scratchpad - Recommended * GlideAjax - Recommended * g\_form.getReference - Not Recommended * GlideRecord - Not Recommended Second two have a performance impact because they retrieve all attributes of of the record rather than just the required field(s)
196
What is GlideAjax?
A server call that can be written in a client script that runs asynchronously
197
What is the difference between g\_scratchpad and GlideAjax?
g\_scratchpad is set once when the form is loaded (set in a Display business rule), whereas GlideAjax is triggered dynamically by the client
198
What is getReference?
Used in Client Scripts and returns the GlideRecord for a specified field (excluding user-defined fields). Requires a call to the server format : getReference(fieldName, callback)
199
What happens when you use getReference without a callback?
Process runs synchronously and all processing halts until information returns from the server
200
What happens when you use getReference with a callback
Process runes asynchronously and other processing continues until a response from the server is received
201
Is it better to use getReference with a callback or without
With
202
What is a callback function
A function written in a client script that runs asynchronously after a server call using getRefernce. Call back is defined as a parameter of the getReference
203
What is SSO
Single-Sign-On method of access control that enables a user to log in once and gain access to the resources of multiple software systems without having to log in again.
204
What is SAML?
Security Assertion Markup Language - XML-based standard for exchanging authentication and authorization data between security domains
205
What are the three main components of SAML?
``` Assertion Identity provider (producer of assertions) service provider (consumer of assertions) ```
206
What are the two main components of LDAP integration?
* SN configurations including * ldap server (with a minimum read-only account) * OU definition * transform map * import schedule * Importing data using standard method of staging tables and import sets
207
What are the steps in LDAP authentication
1. User enters credentials into SN - password stored in HTTPS session. If the "Source" field of the user record starts with LDAP, validation is attempted using LDAP, otherwise the password on the local user record is used to validate login 2. SN passes credentials to LDAP server. If password is provided, "Simple Bind" is performed. If not, LDAP must allow anonymous login 3. LDAP responds with authorized or unauthorized 4. user as granted or denied access
208
What is the maximum acceptable network ping time?
500ms
209
What is the Client Transaction Timings plugin
enhances system logs by providing more information of the durations of transactions between client and server
210
Where are client transactions stored?
with all other transactions in the transaction log table. client\_transaction field is set to true
211
What are the most common mistakes that lead to long-running reports?
* Returning too many results * Grouping by fields such as duration or name * Reporting on a user-created table that uses many joins on other tables
212
What is the ECC queue?
External Communications Channel queue. It is a database table which is queried, updated, and inserted into by other systems
213
What is stored in the ECC queue?
* Messages, two types: * From ServiceNow to another system (output message) * From another system to ServiceNow (input message)
214
What are the two main processes on a MID Server?
Monitors Workers
215
What is a Mid Server Monitor?
runs on its own thread as a timer object and is configured to execute a task periodically, returning its result to the ECC queue
216
What is a Mid Server Worker?
on-demand thread that executes a tag when a corresponding ECC output queue record is read from ServiceNow
217
How do MID Server workers get their work?
Queue Monitor reads an ECC output queue message and triggers the worker to work
218
What information can be found on stats.do?
* Build Name * Build Tag * Instance Name * Servlet Memory * Servlets statistics * Semaphores sets * OS Configuration * Logged in sessions
219
What options are available for separating data and processes?
* Filters * System Security * Domain Separation * Company Separation * Separate Instances
220
What does Domain Separation do?
1. Separates Data 2. Separates administration (workflow, policy, UI definition) 3. Provides multi-tenancy support Some global data and processes are shared across all domains, "Remember Me" option is an example
221
Who is domain separation good for?
Organizations that want to: * Enforce data separation between business entities * Customize Business process definitions and user interfaces for each domain * Use a single instance of servicenow to maintain global processes and global reporting
222
What is Company Separation?
Legacy - domain separator can be based on anything in the system. Any table that contains a domain field inherits data separation. Domain fields can be added to any tbale to extend data separation through the system
223
Can Domains be Hierarchical
Yes
224
What and Where is the Debug log
System Diagnostics \> Debug Log displays gs.print() and gs.log() statements, as well as server logging information and error messages
225
What are the standard email protocols for ServiceNow?
Outbound - SMTP Inbound - POP3
226
How do Workflows work with Update Sets?
Workflows are not included in Update Sets until the Workflow is published, at which point the entire workflow is added to the update set
227
How often are ServiceNow instances backed up?
Every 24 Hours
228
What does StartNow stand for?
STrategic Alignment and drive Rapid Transformation
229
What is the StartNow methodology
ServiceNow's methodology for implementations. Combination of traditional waterfall approach with SCRUM
230
What are the 6 phases of the StartNow methodology
1. Plan 2. Discover 3. Prepare 4. Deploy 5. Operate 6. Transform
231
What is the 1st phase of StartNow and what does it include?
Plan: * Project Setup * Team Setup * Project Definition in PPM Application * Kick-off * Customer Training * Arranging Gap analysis workshops
232
What is the 2nd phase of StartNow and what does it include?
Discover: * Gap Analysis Workshops * KPI workshops * Integration requirements * data requirements * backlog of work defined/documented in Scrum
233
What is the 3rd phase of StartNow and what does it include?
Prepare: * Core Systems Setup * LDAP(S) integration * Common Data Imported * Integrations * Scrum planning
234
What is the 4th phase of StartNow and what does it include?
Deploy: * Build out functionality from SDLC backlog * Managed using Agile SCRUM Application
235
What is the 5th phase of StartNow and what does it include?
Operate: * UAT * End User testing * Go-live checks * Production readiness review * Go-live support
236
What is the 6th phase of StartNow and what does it include
Transform: * Pulse Checks * Delivery Assurance * Transformation road maps * Service Improvement plans
237
What is Upgrade History and where can you find it?
System Diagnostics \> Upgrade History Tracks all upgrades made to an instance. Each record examined during an upgrade is tracked and the action taken on that record is tracked as the disposition
238
What does ServiceNow use as core-based technology?
MySQL and Tomcat
239
What are the layers of the Core-Based technology
* Top - Who is accessing the instance (browser, SOAP, FTP, etc) * Next - top app layer, UI, SOAP, Other * Next - Scripting * Next - DB Layer * Next - MySQL
240
What does the High Security Plugin do?
Creates a role called security\_admin which is added to the default System Administrator user. New role has "elevated privelage"
241
What does the "Elevated Privelage" attribute of a role do?
Means that the user who is assigned the role will need to manually elevate themselves to the role during a session. Session timeout or log-out removes the role
242
What does the security\_admin role allow you to do when activated?
* Modify ACLs * Import XML Files * Access Scripts - Background module
243
How could I improve the performance of an import set?
Uncheck the "run business rules" attribute
244
How can I remove the New and Edit buttons from a related list
Right-click in the related list header and select Personalize \> List Control. Select Omit new button or Omit edit button
245
What does SOAP Stand for?
Simple Object Access Protocol
246
What are the four parts of SOAP Message transportation?
1. Endpoint 2. Action 3. Headers/Attributes 4. Envelope
247
What is the SOAP endpoint?
URL or Address where the SOAP request is delivered. Must be able to reach the endpoint over the network in order for the communication to succeed.
248
What is a SOAP Action?
String that is often optional with the SOAP web service. However, some services do require this to be set. The string is often descriptive of what action should be performed by the web services.
249
What are the SOAP Headers/Attributes?
Found within the HTTP request. They contain information regarding the protocol being used as well as other custom information such as session IDs, authentication token, etc.
250
What is the SOAP Envelope?
Actual document that describes the details of the SOAP request. This is written in XML format. Has a header and a body similar to an HTML webpage. Header and body details are dictated by the web service and explained in a corresponding WSDL document
251
What are the elements of a SOAP envelope?
1) Main Document 2) Header (optional) 3) Body 4) Fault Element (optional)
252
What is the SOAP envelope header?
Often contains processing instructions for the envelope, but it is not used in all web services.
253
What is the SOAP envelope Body?
Main part of the envelope, is required for SOAP requests. Contains the actual message or request that is to be delivered to the web service.
254
What is the SOAP envelope Fault Element?
Often present if there was an error processing the web service request. The Web Service is responsible for populating this element with descriptive information to help the consumer understand what went wrong, and/or what to do next
255
What is the SOAP WSDL?
Another XML document that is used in the SOAP protocol. It is a catalog of available functions provided by the web service. A SOAP web service consuming client information should be able to read this and generate a template of each of the available service requests provided by the web service.
256