ServiceNow Implementation Cert quizlet Flashcards

1
Q

what does S.O.A.P. stand for?

A

Simple Object Access Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the four parts of SOAP message transformation

A
  1. Endpoint
  2. Action
  3. Headers/Attributes
  4. Envelope

Action, endpoint, and envelope are all populated automatically based on the Web Service Descriptive Language (WSDL) definition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a SOAP Endpoint

A

This is the URL or Address where the SOAP request is delivered. It must be able to reach that endpoint over the network in order for the communication to succeed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a SOAP Action

A

String that is often optional with the SOAP web service. However, some services do require this to be set. The string is often descriptive of what action should be performed by the web services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

SOAP Headers/Attributes

A

Found within the HTTP request. They contain information regarding the protocol being used as well as other custom information such as session IDs, authentication token, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

SOAP Envelope definition

A

Actual document that describes the details of the SOAP request. This is written in XML format. Has a header and a body similar to an HTML webpage. Header and body details are dictated by the web service and explained in a corresponding WSDL document

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

SOAP Envelope Elements

A
  1. Main document
  2. Header (optional)
  3. Body
  4. Fault Element (Optional)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

SOAP Envelope Header

A

Often contains processing instructions for the envelope, but it is not used in all web services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

SOAP Envelope Body

A

Main part of the envelope, required for SOAP requests. Contains the actual message or request that is to be delivered to the web service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

SOAP Envelope Fault Element

A

Often present if there was an error processing the web service request. The web service is responsible for populating this element with descriptive information to help the consumer understand what went wrong, and/or what to do next.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

SOAP WSDL

A

Another XML document that is used in the SOAP protocol. It is a catalog of available functions provided by the web service. A SOAP web service consuming client information should be able to read this and generate a template of each of the available service requests provided by the web service.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the 3 Main steps in SOAP communication flow

A
  1. Client generates an XML envelope document and sends it to the service as a SOAP request.
  2. Server receives the SOAP request and processes that request in the manner in which it was coded.
  3. Server sends a SOAP response back to the client with an answer or response to the request that was submitted.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How to generate a sample SOAP Message

A

UI action “Generate sample SOAP Message” - will generate templates for all of the available services provided by that SOAP web service.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How does a SOAP Message UI connect to a Web Service

A

It can either specify a URL to a WSDL document or paste the WSDL document contents directly into the tool

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

SOAP Message Function UI

A
  • You can open a function record to view details on the template for the request
  • Check the Lock field to ensure that future regenerations of SOAP functions do not overwrite the changes that you make to the current template
  • SN Supports the use of basic authentication, WS-security with outbound SOAP requests.
    • Customize SOAP action or endpoint manually by changing the text. May need to click the lock button to change the endpoint URL
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Where do you create test values for SOAP message variables

A

SOAP Message Function UI - OPEN message parameters section

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the most common ways to call SOAP Messages through script?

A

Server-side scripts including:

  • Business Rules
  • Script Includes
  • Workflows
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the SOAPMessage Library

A

Application Program Interface (API) Around SN Graphical User Interface for Soap Messages (SOAP Message UI) Can be used to set point values, set variables, submit request, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which Script includes from the Script Includes library support users who are sending out SOAP requests

A

1) SOAPMessage - supports the SOAP Message UI
2) SOAPEnvelope - Used behind the curtain by SOAP Message UI, can be leveraged directly by an admin to create custom messages, bypassing the UI
3) SOAPRequest - Same as above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

XPATH

A

Standard mechanism used to parse XML documents

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

XPATH Character - /

A

Most basic and primary element. Level separator similar to Linus/UNIX paths on a file system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

XPATH Character - //

A

Denotes a relative path, rather than a strict path

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

XPATH Character - *

A

Wildcard character in a string

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How do you use XPATH to get values out of an XML document?

A

Script include - XMLDocument

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is the most common operation performed by an XML Document Script include

A

getNodeText - takes an XPATH string in and attempts to parse the XML document with the XPATH to find the element you are looking for and returns the content of that element node

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

XML Helper

A
  • Includes a number of functions.
  • Allows you to access parts of the XML document as if the various elements were member variables to an object. Each level down the XML document is represented by member variables that are new objects themselves.
  • Most commonly used function will take XML string and convert it to a JavaScript object.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

REST

A
  • REpresentational State Transfer
  • Lightweight alternative to SOAP
  • Very Loose Specification
  • Better suited to scale & performance
  • Most modern web applications are REST
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

ServiceNow REST functionality allows you to:

A

Retrieve, Create, Update, or Delete data on a web server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

HTTP Methods supported by REST

A
  • Get
  • Post
  • Put
  • Delete
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

REST Request and Response Elements

A
  • Request URL: specifies the address of the resource plus the HTTP verb
  • Query Parameters: optional and appended to the URL path of the request
  • HTTP Headers : required component of the message and contain metadata for the transaction (encoding, date, authorization, etc.)
  • Content or Body: optional, contains data to be transmitted
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Rest Message UI

A
  • Similar to SOAP Message Tool
  • Requires an Endpoint
  • Generates the four HTTP Methods as Functions
  • Endpoint can use variables - ${varName}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Describe the following REST Function Option:

Variables

A
  • Can be used in various parts:
  • Endpoint URL
  • Header names or values
  • Function parameter definition names or values
  • Content
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Describe the following REST Function Option:

Connectivity Options

A
  • Authentication
  • MID Server
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Describe the following REST Function Option:

Access to HTTP Request Components

A
  • Headers
  • Parameters
  • Content (POST, PUT only)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Describe the following REST Function Option:

Set Variable values

A

String v. XML

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What are the REST Function Options

A
  • Variables
  • Connectivity
  • Access to HTTP Request components
  • Set Variable Values
  • Test the request
  • Preview script usage
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Stages of StartNow implementation methodology

A
  1. Plan
  2. Discover
  3. Prepare
  4. Deploy
  5. Operate
  6. Transform
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What type of VPN does ServiceNow support?

A

Site-to-Site between data center and customer data center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What is VPN typically used for?

A
  • Securing (encrypting) connections which originate at ServiceNow and destined for the customer’s network
  • Access to customer’s LDAP server
  • JDBC access/integration with a customer’s database
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

How many VPN tunnels does ServiceNow support and why

A

Minimum of 2, maximum of 4. Not supported to serve multiple geographic regions or disparate networks within client organiztion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

How do you request VPN?

A

Through HI. Typically takes 2 weeks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

VPN for LDAP

A

Recommended that customers implement LDAPS (LDAP over SSL) v. standard LDAP (non-encrypted). Standard LDAP integration communicates over TCP on port 389. LDAPS communicates over TCP on 636 and requires a digital certificate which must be uploaded to the instance. VPN to be used if LDAP instead of LDAPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

VPN for JDBC & Web Services

A

Recommended to install Mid Server inside network, Mid server will communicate with instance over HTTPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

VPN for email integration

A

Not supported if ServiceNow is configured to utilize mail.service-now.com for SMTP and POP3, utilizes opportunistic TLS. If incoming server supports TLS, traffic is envrypted. If not, uses regular SMTP without encryption.

Supported if customer’s mail server is being used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

DIT

A

Data is represented in an LDAP enabled directory as a hierarchy of objects, each of which is called an entry. Resulting tree structure is called a Data Information Tree (DIT)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

DN (LDAP)

A

Distinguished name - fully qualified path in an LDAP tree

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

RDN (LDAP)

A

Each unique data attribute that is part of a Distinguished name is called a Relative Distinguished Name (RDN)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What are the requirements for LDAP Server Configuration in the Graphical User Interface (GUI)

A
  • Name
  • Server URL
  • Login distinguished name
  • Login password
  • Starting search directory
  • Organizational Unit (OU) Definition
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

LDAP Organizational Unit (OU) Definition

A

Define directories that are the source for the imported data. Can contain locations, people, or user groups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Types of LDAP Communication channels

A
  • Mid Server (can be used to import data but not for authentication)
  • Standard LDAP - communicates over TCP, does not require a certificate
  • SSL-encrypted (LDAPS), requires x.509 certificate
  • VPN, communicates over IPSEC tunnel
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Testing LDAP Connection

A
  • Manually through UI action
  • Automatically - SN tests every 15 minutes by default
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Company Settings

A
  • System Properties - My Company
    • Can Modify
    • Banner Text
    • Primary (T/F)
    • Banner Image (upload)
  • Further modifications made in glide.product.___ properties
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Where is Login Page Configuration adjusted

A

System UI > Welcome Page Content

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Where are System Schedules found

A

System Scheduler > Schedules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

Where are homepage configurations made

A
  • Homepage Admin > Pages
  • Has Read/Write roles
  • Can edit by clicking Edit UI Action
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Levels of Contextual Security

A

several layers before an end user has the capability to perform CRUD (create, read, update, delete) operations on a table

  1. User Authentication/Login
  2. User Interface
  3. Database
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What does the User Authentication/Login security level govern

A
  • Users
  • Groups
  • Roles
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

User Interface security level

A

Governs Applications and Modules and is governed by roles configured at application and module level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

Database Security Level

A
  • Governs table and field access
  • controlled via globally defined system properties as well as table and field level Access Controls
  • If a row level rule and a field level rule are in conflict, both must be true before an operation is allowed
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

Features of Contextual Security

A
  • Protects a record based on its contents and table location
  • Data is acted upon based on the position of the information in the table hierarchy
  • Defnes Access Control rules to any level in the object hierarchy
  • Uses roles to implement Access Controls and assign permissions, for example, read, write, and create
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

What is an access control

A

Security rule defined and set at the row-level (access to the record) and at the column-level (access to the field) and is executed when attempting to access any servicenow table. Specifies and is named for the object(s) being secured

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

What is an ACL

A

Access control list, list of all the Access Controls for a table

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

Three ways Access Controls are defined

A
  • Roles (if more than one, must have at least one)
  • Conditional Expressions (evaluates to true or allow if condition is met)
  • Scripts (setting answer to allow or deny)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

Access Control Wildcard Rule

A

Selection of the wildcard symbol from the name drop down list on the access control form means that the rule in question applies to all fields on the selected table except for those with explicit rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

ACL Evaluation order

A
  • Most specific to least
  • Starts at field, then goes to table
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

Field ACL rule evaluation order

A

Find first matching:

1) table.field (incident.number)
2) parent_table.field (task.number)
3) .field (.number)
4) table. (incident.)
5) parent_table. (task.)
6) . (.)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

Table ACL rule evaluation order

A

If no field ACL match was found or if a Match was found and the ACL evaluated to Pass the table must be evaluated:

  1. Match the table name. For example, incident
  2. Match the parent table name. For example, task
  3. Match any table name (wildcard). For example, *.

If No matches above are found or if a Match is found and the ACL evaluated to Pass User access to the record object is granted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

Three main security modules:

A
  1. System Properties > Security - can set default behavior for no ACLs
  2. System Security > Access Control - manages ACLs
  3. System Security > High Security Settings - set tighter security options
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

Evaluation order of ACL elements

A
  1. role
  2. condition
  3. script
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

Elements of the ServiceNow Application Security Model

A
  • Contextual Security (ACLs, etc.)
  • IP Address Access Controls (System Security > IP Address Access Control) - allow or deny certain IP ranges
  • Encryption
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

Keys to Success with security

A
  • Risk-based & Data-centric
    • know what you are storing
    • consult with security to understand requirements
  • Secure 1st, develop 2nd
    • configure security settings up front
    • apply ACLs at the beginning of development
  • documented approach
    • checklist at key phases
    • starting points
    • remove demo data
    • upgrade to latest version
    • identify plugins such as high security
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

Name of plugin that supports field encryption

A

Encryption Support

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

How do users get encryption contexts

A

Admin creates the context, assigns it to a role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

Which operations can be secured through ACLs

A
  • CRUD
  • Execute
  • Edit Task Relations
  • Edit CI Relations
  • Save as Template
  • Add to List
  • List Edit
  • Report on
  • Personalize choices
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

What do Access Control Rules Apply to?

A
  • Records
  • UI Pages
  • Processors
  • Client Callable Script Includes
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

How many ACLs come OOtB

A

Over 4,500. Add all plugins, >6,000

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

ACL Script Evaluation, built in GlideRecord methods

A
  • canRead()
  • canWrite()
  • canCreate()
  • canDelete()
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

Predefined ACLs by role

A
  • End Users
    • Submit records in some applications (create)
    • Read and update their own records in those applications
  • Fulfillers
    • general read and write access for applications they have a role for
    • task assignment
  • application/process administrators
    • delete records
    • change state to closed
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

How are ACL rules matched?

A
  • From most specific to least specific
    • processing orders define matching criteria
  • For record rules a table and field rule will be searched for
    • both are evaluated
  • First rule to match for both is evaluated for each processing level (if parent_table.field matches, it won’t go to next level for field)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

What happens if there are multiple ACL rules at the same processing level?

A

any passed rule will allow access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

What happens if a user fails a table ACL rule

A
  • User is denied access to all fields in the table even if the user previously passed a field ACL rule
  • list of table will show security constraint message
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

What happens if a user fails a field ACL rule but passes a table ACL rule

A

User is denied access to the field

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

What happens when a table write rule fails

A

All fields will be read-only unless there is not a more specific field rule

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

What happens when a table create rule fails

A

user will not have the “new” button

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

What happens when a field write rule fails

A

field will be read-only

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

Security debug

A

System Security > Debug Security Rules

Session Specific

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

Creating an Encryption context

A
  • Define:
    • Name
    • Encryption Key (if left blank, SN will auto-gnerate). SN can’t retrieve user-defined keys
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

Creating an encrypted field

A

Add a new field with Type: Encrypted Text

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

Encryption context selector

A

For users with multiple encryption contexts
System UI > UI Macros > encryption_select. Shows under gear. Only shows for users with multiple contexts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

What happens to encrypted fields if a user has no encryption contexts

A

Form hides the encrypted field

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

What happens when a user has one encryption context and there is no data in an encrypted field

A

form displays encrypted field. When a user enters data in the field, the field automatically uses the currently selected encryption context to encrypt the field

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

What happens when a user has one encryption context and there is data in an encrypted field

A

If the user has the matching context, the form displays the field

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

If a user has multiple encryption contexts and there is no data in an encrpyted field

A

form displays the field and when the user enters data, field is encrypted using currently selected context

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

User has multiple encryption contexts and there is data in the field

A

User will have access to the field if they have the matching context. Encrypted field always uses the original encryption context to encrypt changes to the field. Prevents users with multiple contexts from changing field context

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

Encrypting attachments

A

Users with >=1 encryption contexts will get Encrypt File checkbox. If they have >1, they are asked to confirm the context

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

How to identify which encryption context a field or attachment is using

A

Hover over the encryption (lock) icon and it will display

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

Encrypting passwords in System Properties

A

the Encrypt SysProperty Password business rule automagically encrypts value of any system property with the type password or password2. Instance only decrypts password in memory and never saves a clear-text version.
Business rule runs when you add a new value or update an existing one

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

Script editor color coding

A
  • Green - Comments
  • Purple - Javascript commands
  • Blue - strings, reserved words
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

Default Script Macros

A
  • macro name followed by tab
  • For (for loop)
  • Doc (multiline comment)
  • Help (list of macros and their shortcuts)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

Creating a script macro

A

System Definition > Syntax Editor Macros

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

What is a client script

A
  • Execute in browser
  • manage forms and fields in real-time
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

Baseline Client Scripts

A
  • ~330
  • not all are active
  • samples included as starting points
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

Client Script Form Breakdown

A
  • Top section defines when
  • Bottom section (script box) defines what
  • Description is self-explanatory
  • Message is used to internationalizing output to user
  • If an alert of “Hello World” is presented to user, “Hello World” would show up in messages line. If an entry in sys_ui_message table matches key but in a different language, that is presented to users in that region
104
Q

Client Script Global v. Not

A

IF global is checked, applies to all views, if not, must specify a view (ESS, Default, Advanced, etc.)

105
Q

Client Script Inheritance

A

If true, execute script for forms from any extended tables

106
Q

Client Script Types

A

onChange

onLoad

onSubmit

onCellEdit

107
Q

onLoad client script

A

Runs when form meeting trigger condition loads and before control is given to the user

108
Q

onSubmit client script

A
  • Runs when form meeting trigger condition is saved, updated or submitted
  • Typically handles field validation - can prevent from submitting if you return false
109
Q

onChange Client Script

A
  • Runs when a particular field’s value on a form changes
  • 5 parameters:
    • control - name of field whose value changed
    • oldValue - is set when the form loads. No matter how many times it changes, will remain original value when form loaded
    • newValue
    • isLoading - whether change is occuring as part of a form load
    • isTemplate - whether occured due to a template
110
Q

onCellEdit Client Script

A
  • Runs when a field value on a list changes
  • Can be applied to multiple records
  • automatically passed 5 parameters:
    • sysIDs - of the edited items
    • table
    • oldValues
    • newValues
    • callback - continue execution of any other related cell edit scripts - if true, then others are executed or change is commited if there are no more. If false, furthers aren’t executed and change is not committed
111
Q

What data can be used in a client script?

A
  • Local variables defined in the script
  • Client Script Global Variables
  • g_form - object whose properties are methods used to manage form fields
  • g_user -object whose properties contain session information about the current user and their role(s)
  • g_scratchpad - global object passed to a client script from a server side script called a Display Business Rule - properties and values determined by the server side script
112
Q

g_form object

A

Object whose methods are used to manage from fields andtheir values

Methods require use of field names and not labels

113
Q

g_form object methods

A
  • 6 categories
    • Display settings: flash()
    • Field Information: getValue()
    • Change Field: setValue()
    • Change Choice list: addOption()
    • Form Information: isNewRecord()
    • Form Action: addInfoMessage()
114
Q

g_form.getValue()

A
  • always returns a string
  • syntax: var X = g_form.getValue(‘field_name’)
  • If used with a choice list, returns value (‘7’ rather than ‘Rejected’)
  • If used with a reference field, returns the sys_id
115
Q

g_user Object Properties

A

Do NOT use to apply security - easily deflated using developer tools built into browsers

116
Q

Client side scripts on Reference Objects

A
  • client side scripts only have access to data on forms, information about the reference object is not available
  • Should use asynchronous - g_form.getReference(‘field_name’, field)
  • Function (field) {
  • field.attribute
117
Q

Best practices for Client Side Scripting

A
  • use g_form methods to manage form and fields
  • use g_user to access about current session user
  • make as few calls to the server as possible
  • do not make synchronous calls using g_form.getReference()
  • use jslog to debug as it doesn’t affect other users
  • use try/catch to find runtime errors
  • use appropriate debug strategies for UI type (mobile, desktop, etc.)
118
Q

Client Scripts v. UI policies

A
  • Faster load times with UI policies. Always use these if possible
  • Execute on Form Load - Both
  • Execute on form save/submit/update - Client Scripts
  • Execute on form value change - Both
  • Can access a field’s prior value - Client Script
  • Execute on list field value changes - Client Script
  • Control the order of execution - UI poilcy
  • Execute after client scripts - UI policy
  • require scripting - client script
119
Q

baseline UI policies

A

~600

120
Q

UI policy scripting

A

Can write scripts to execute if true or if false (separate boxes)

121
Q

onLoad UI policy

A

Can check or uncheck to determine if it should run when the form is loaded

122
Q

What data can be used in a UI policy script

A

locally declared variables
g_form
g_user
g_scratchpad

123
Q

UI Policy Best Practices

A
  • Set onLoad to false if you don’t need it to execute on page load
  • Use as few UI policies as possible to avoid long page load times
  • Write conditions in condition builder wherever possible to avoid unnecessary scripting
  • Always populate the Short Description field
124
Q

What is a business rule?

A
  • Javascript that runs when a record is:
    • inserted
    • updated
    • deleted
    • queried
  • Execute on Server
  • fast
  • do not monitor form fields
  • Respond to all record accesses regardless of method (form, list, web service)
125
Q

Baseline Business Rules

A
  • ~900
  • best to create a copy and deactivate original when modifying OOtB business rules as modifications are exempt from upgrades
126
Q

Business Rule Role conditions

A

specifies the roles that the user modifying the record must have in order for the business rule to run

127
Q

After business rules

A
  • execute after form submission and after the record updates in the database
  • execute synchronously - current business rule must finish execution before next business rule runs
  • ex: cascade REQ approvals to child RITMs
128
Q

Before Business Rule

A
  • After form submission, before record updates in the database
  • execute synchronously - current business rule must finish execution before next one runs
  • ex: calculate priority based on Impact and Urgency
129
Q

Before Query business rule

A
  • before a query is done in the database
  • run synchronously - current business rule must finish execution before next one runs
  • baseline before queries that act like ACLs, preventing access
130
Q

Async Business Rules

A
  • Run when form loads
  • primary purpose is to populate the g_scratchpad
  • runs after user requests form, before form is presented
  • Business Rule: g_scratchpad.createdBy = current.sys_created_by;
  • Client Script: if(g_scratchpad.createdBy == ‘admin’) {}
131
Q

Business Rule Process Flow

A
  1. User or System Query >
  2. Query Rules >
  3. Database Query >
  4. Display Rules >
  5. form submit >
  6. before rules >
  7. database update >
  8. async rules
132
Q

What data can be used in business rules?

A
  • Local Variables in script
  • business rule global objects:
  • previous
  • current
  • g_scratchpad (display business rule only)
  • higher numbered business rules inherit variables and their values from lower numbered business rules unless variable scope is limited by a function
133
Q

Business Rule Global Objects

A
  • previous - stores records fields and values before any changes were made in the DB
  • current - current record fields/values in DB
134
Q

Business Rule Best Practices

A
  • Use async whenever possible
  • use display to pass data from server to client side during form load
  • wrap code in functions to make variables local
  • Use condition builder rather than script whenever possible
135
Q

Script Include

A
  • Store JavaScript for execution on the server
  • Reusable
  • Must be called to run
  • can extend classes or create functions
  • only loaded on request
  • can be client callable
136
Q

Global Business Rules v. Script Includes

A
  • Both allow creation of reusable javascript
  • GBRs can impact performance unless contents are wrapped in functions
  • GBRs load on every interaction between a user and the platform
  • Script includes only load on demand and do not impact performance
137
Q

Script Include Baseline

A

~528

~Do NOT modify behavior of baseline Script includes

138
Q

Client Callable Script includes

A
  • Yes/No field in Script Include Definition
  • if yes, client side scripts can access
139
Q

Script Include Script

A
  • Runs Server Side
  • No Default Objects
  • Data passed in from calling script
140
Q

Classless Script Include

A

For use on server side only (not client-callable)
Name must be same as the function name
Sometimes called On Demand Functions
Usually called from Business Rules

141
Q

Import Sets - Import Sources

A
  • Files
    • Excel
    • XML
    • CSV
  • Network
    • HTTP
    • FTP
    • JDBC
142
Q

System Import Sets Modules

A
  • Load Data
  • Create Transform Map
  • Run Transform
143
Q

Import Set - Foreign Record Insert

A

Occurs when an import makes a change to a table that is not the target table for the import. Happens when updating a reference field on a table, ex. when updating the value for caller on an incident the import is actually updating the sys_user table

144
Q

Components of perceived ServiceNow performance

A
  • Application Server Response
  • Network Latency and Througput
  • Browser Rendering and Parsing
  • Instance Cache
145
Q

Application Server Response

A

time for the application server to process a request and render the resultant page

146
Q

network latency and throughput

A

time for the network to pass your request to the server and the response back

147
Q

browser rendering and parsing

A

time for your browser to render the HTML and parse/execute javascript

148
Q

instance cache

A

amount of system resources available for processing

149
Q

Two methods of troubleshooting network response times

A
  • ping
  • traceroute
150
Q

Normal Ping time

A

>100ms for US, >150ms for Europe or Asia. Anything over 250ms is cause for concern

151
Q

Two key browser settings

A
  • Enabling compression
  • caching items from HTTPS
152
Q

Actions that cause a purge and rebuild of system cache

A
  • Adding/updating system properties
  • adding/updating dictionary entries
  • committing update sets
  • adding or updating translations
153
Q

types of requirements

A
  • Functional
  • Technical
154
Q

Functional requirements

A

What the system is expected to do, often used to create use cases. Do not include design choices

  • Define:
    • types of data that can be entered and by whom
    • workflows to be performed by the system
    • system reports or other outputs
    • regulatory requirements to be met
155
Q

Technical Requirements

A

Define specific tasks that must be performed to satisfy functional requirements

  • technical aspects of the system such as:
    • performance-related issues
    • scalability
    • manageability
156
Q

Clarifying functional requirements

A

Ask questions such as:

  • what problem are we trying to solve?
  • what is the business driver behind this requirement?
  • can you help me understand what you are after?
  • what are the inputs?
  • what are the outputs?
  • are there use cases?
157
Q

clarifying technical requirements

A

Ask questions:

  • is there already a technical solution to this requirement?
  • Is the solution scalable?
  • how does the solution affect various users?
  • Is the solution flexible?
  • Does the solution have license implications?
158
Q

Input and output considerations in requirements gathering

A

create a test plan to test both valid and invalid inputs to ensure correct outputs

159
Q

how many data center pairs does ServiceNow have?

A

8 - total of 16 centers

160
Q

Two situations where the AHA process is invoked

A
  • Service Disruption
  • Scheduled Maintenance
161
Q

ServiceNow data center replication

A

All instances exist simultaneously in two datacenters through asynchronous data replicaiton. Current primary data center has read-write, secondary has read-only

162
Q

How many steps in AHA process

A

8

163
Q

Steps in AHA process

A
  1. pre-flight checks to ensure all infrastructure and application configs are working
  2. change DNS information for instance
  3. stop all application nodes
  4. reverse roles between read-write and read-only
  5. change database pointer to read-write instance
  6. start application nodes
  7. post-flight checks
  8. perform discovery to update CMDB
164
Q

How many steps in StartNOW Methodology

A

6

165
Q

Stages of StartNOW Methodology

A
  • Plan:
    • Establish a project strategy and schedule for deployment
  • Discover:
    • determine requirements for success
  • Prepare:
    • Build base platform for deployment
  • Deploy:
    • Configure platform iteratively
  • Operate:
    • prepare for go-live and transition to operation
  • transform:
    • improve service continually
166
Q

coarsest measure of network response time

A

ping

167
Q

elements of a traceroute

A
  • left column is step number
  • next three are latency estimates (performed three times to give an average)
  • fifth column is IP address of destination
168
Q

inactivity monitors

A

run in the background to check inactivity and look for events to fire in the event of inactivity

Large numbers of unanswered/unused inactivity monitors can degrade performance of event processing engine - degrades application server response times

169
Q

Checking if an inactivity monitor is used

A

If no records are found in script actions or notifications, safe to disable inactivity monitor

  1. System Policy > SLA > Inactivity Monitors (to find them)
  2. System Policy > Events > Script Actions (to find event script actions)
  3. Filter - Event name is .inactivity (to see if there are any events associated)
  4. System Policy > Email > Notifications (to find obvious)
  5. Similar filter
170
Q

Application Server Performance Checks

A
  • Response Times (transaction log)
  • Remove unused inactivity Monitors
  • Optimize queries to search efficiently
  • Adjust auto-complete wait time in increments of 50ms, not to exceed 750
  • Check SLA trace level
  • Monitor process duration of scheduled jobs
  • Default Row Count
  • Go To Search Option
  • Auto-complete Search Option (starts with v. contains)
  • Table Rotation
171
Q

AutoComplete feature for reference fields

A
  • Uses Ajax to allow browser to request records matching a user’s entry from the server
  • Has a specified wait time of 250 milliseconds
  • The fewer characters the user enters, the more the server must work to respond to the request
172
Q

SLA Trace Level

A
  • controls number of messages sent to system log
  • System Properties > SLA
  • The lower the selection, the more messages are sent to the system log. Info setting (second to bottom) typically only used when debugging SLAs
173
Q

Default row count

A

Anything >100 is not recommended. don’t modify default system user preference for rowcount, instead modify which options are available to users - glide.ui.per_page controls

174
Q

Go To Search Option

A

System property handles whether the search performs a Contains query (true) or a Greater Than query (false). REcommended to leave as default false

175
Q

table rotation

A
  • works by separate data sets into individual tables based on user-specified time parameters
  • Two options:
    • Table Rotation plugin - rotates among a small set of tbales and deleting and reusing old tables for new data (syslog and ecc_queue)
    • table extension - creates new table and allows old tables to be archived and removed from the system (sys_audit and sys_email)
  • controlled by the Database Rotation plugin
176
Q

What does the System Dictionary define

A
  • For Fields:
    • -Data Type
    • -Character Limit
    • Default Value
    • Dependency
  • Other table attributes
177
Q

What are the two ways to access the System Dictionary?

A

1) System Definition > Dictionary
2) Right-click in list header, form header, or field label and select “Personalize Dictionary”

178
Q

What does the Unique field in System Dictionary do?

A

Allows having unique values in the table’s column selected in the dictionary definition of a field

179
Q

What are Dictionary Overrides?

A

Provide the ability to override several attributes of a particular field in the extended or child tables

180
Q

What attributes can be overwritten in a dictionary override?

A
  • Reference Qualifier
  • Dependent
  • Attributes
  • Default Value
  • Calculation
  • Mandatory
  • Read-only
  • Display Value
181
Q

What is a sys_id?

A

32-character globally unique ID (GUID). Every new record has a sys_id of -1. When inserted, valid sys_id is provided

182
Q

What type of business rule makes server-side objects accessible to client scripts?

A

on Display

183
Q

What type of business rule should be used when calculating metrics and SLAs

A

async

184
Q

What is the maximum recommended number of steps to dot.walk through?

A

3

185
Q

What are the predefined global variables in Business Rules?

A
  • current
  • previous
  • g_scratchpad
  • system (or gs)
186
Q

What is the Current variable and when is it used

A

Used in Business Rules (server-side scripting). Current record being referenced.

187
Q

What is the Previous variable and when is it used

A

Used in Business Rules (server-side scripting). Record before any changes were made. Available on Update and Delete operations. Not available on async

188
Q

What is the g_scratchpad variable and when is it used

A

Used in business rules. Available in On Display business rules to pass server-side information to the client to be used for Client Scripts

189
Q

what is the System variable and when is it used?

A

Used in business rules (also called gs). References GlideSystem functions

190
Q

Record Producer Server-Side Scripting

A
  • use current. to reference fields on the record being created.
  • use producer. to reference values entered by the end user
  • When variables have the same name as the fields in the target table, the record producer populates such fields automatically when inserting the record
191
Q

what is the nil(object) function?

A

Queries an object and returns true of the object is null or contains an empty string

192
Q

What are the global objects available to client scripts?

A
  • g_form - references currently active form
  • g_user - references currently active user
193
Q

What is the difference between a local and global variable in a Business Rule

A

Local variables are contained in functions, global variables are not

194
Q

What is the implication of creating a global variable in a business rule?

A

If a new variable is declared in an order 100 Business Rule, any Business Rules that follow also have access to that variable

195
Q

What are the four methods of fetching server-side data in a client script and which are recommended?

A
  • g_scratchpad - Recommended
  • GlideAjax - Recommended
  • g_form.getReference - Not Recommended
  • GlideRecord - Not Recommended

Second two have a performance impact because they retrieve all attributes of of the record rather than just the required field(s)

196
Q

What is GlideAjax?

A

A server call that can be written in a client script that runs asynchronously

197
Q

What is the difference between g_scratchpad and GlideAjax?

A

g_scratchpad is set once when the form is loaded (set in a Display business rule), whereas GlideAjax is triggered dynamically by the client

198
Q

What is getReference?

A

Used in Client Scripts and returns the GlideRecord for a specified field (excluding user-defined fields). Requires a call to the server

format : getReference(fieldName, callback)

199
Q

What happens when you use getReference without a callback?

A

Process runs synchronously and all processing halts until information returns from the server

200
Q

What happens when you use getReference with a callback

A

Process runes asynchronously and other processing continues until a response from the server is received

201
Q

Is it better to use getReference with a callback or without

A

With

202
Q

What is a callback function

A

A function written in a client script that runs asynchronously after a server call using getRefernce. Call back is defined as a parameter of the getReference

203
Q

What is SSO

A

Single-Sign-On method of access control that enables a user to log in once and gain access to the resources of multiple software systems without having to log in again.

204
Q

What is SAML?

A

Security Assertion Markup Language - XML-based standard for exchanging authentication and authorization data between security domains

205
Q

What are the three main components of SAML?

A
Assertion
Identity provider (producer of assertions)
service provider (consumer of assertions)
206
Q

What are the two main components of LDAP integration?

A
  • SN configurations including
    • ldap server (with a minimum read-only account)
    • OU definition
    • transform map
    • import schedule
  • Importing data using standard method of staging tables and import sets
207
Q

What are the steps in LDAP authentication

A
  1. User enters credentials into SN - password stored in HTTPS session. If the “Source” field of the user record starts with LDAP, validation is attempted using LDAP, otherwise the password on the local user record is used to validate login
  2. SN passes credentials to LDAP server. If password is provided, “Simple Bind” is performed. If not, LDAP must allow anonymous login
  3. LDAP responds with authorized or unauthorized
  4. user as granted or denied access
208
Q

What is the maximum acceptable network ping time?

A

500ms

209
Q

What is the Client Transaction Timings plugin

A

enhances system logs by providing more information of the durations of transactions between client and server

210
Q

Where are client transactions stored?

A

with all other transactions in the transaction log table. client_transaction field is set to true

211
Q

What are the most common mistakes that lead to long-running reports?

A
  • Returning too many results
  • Grouping by fields such as duration or name
  • Reporting on a user-created table that uses many joins on other tables
212
Q

What is the ECC queue?

A

External Communications Channel queue. It is a database table which is queried, updated, and inserted into by other systems

213
Q

What is stored in the ECC queue?

A
  • Messages, two types:
    • From ServiceNow to another system (output message)
    • From another system to ServiceNow (input message)
214
Q

What are the two main processes on a MID Server?

A

Monitors
Workers

215
Q

What is a Mid Server Monitor?

A

runs on its own thread as a timer object and is configured to execute a task periodically, returning its result to the ECC queue

216
Q

What is a Mid Server Worker?

A

on-demand thread that executes a tag when a corresponding ECC output queue record is read from ServiceNow

217
Q

How do MID Server workers get their work?

A

Queue Monitor reads an ECC output queue message and triggers the worker to work

218
Q

What information can be found on stats.do?

A
  • Build Name
  • Build Tag
  • Instance Name
  • Servlet Memory
  • Servlets statistics
  • Semaphores sets
  • OS Configuration
  • Logged in sessions
219
Q

What options are available for separating data and processes?

A
  • Filters
  • System Security
  • Domain Separation
  • Company Separation
  • Separate Instances
220
Q

What does Domain Separation do?

A
  1. Separates Data
  2. Separates administration (workflow, policy, UI definition)
  3. Provides multi-tenancy support

Some global data and processes are shared across all domains, “Remember Me” option is an example

221
Q

Who is domain separation good for?

A

Organizations that want to:

  • Enforce data separation between business entities
  • Customize Business process definitions and user interfaces for each domain
  • Use a single instance of servicenow to maintain global processes and global reporting
222
Q

What is Company Separation?

A

Legacy - domain separator can be based on anything in the system. Any table that contains a domain field inherits data separation. Domain fields can be added to any tbale to extend data separation through the system

223
Q

Can Domains be Hierarchical

A

Yes

224
Q

What and Where is the Debug log

A

System Diagnostics > Debug Log

displays gs.print() and gs.log() statements, as well as server logging information and error messages

225
Q

What are the standard email protocols for ServiceNow?

A

Outbound - SMTP
Inbound - POP3

226
Q

How do Workflows work with Update Sets?

A

Workflows are not included in Update Sets until the Workflow is published, at which point the entire workflow is added to the update set

227
Q

How often are ServiceNow instances backed up?

A

Every 24 Hours

228
Q

What does StartNow stand for?

A

STrategic Alignment and drive Rapid Transformation

229
Q

What is the StartNow methodology

A

ServiceNow’s methodology for implementations. Combination of traditional waterfall approach with SCRUM

230
Q

What are the 6 phases of the StartNow methodology

A
  1. Plan
  2. Discover
  3. Prepare
  4. Deploy
  5. Operate
  6. Transform
231
Q

What is the 1st phase of StartNow and what does it include?

A

Plan:

  • Project Setup
  • Team Setup
  • Project Definition in PPM Application
  • Kick-off
  • Customer Training
  • Arranging Gap analysis workshops
232
Q

What is the 2nd phase of StartNow and what does it include?

A

Discover:

  • Gap Analysis Workshops
  • KPI workshops
  • Integration requirements
  • data requirements
  • backlog of work defined/documented in Scrum
233
Q

What is the 3rd phase of StartNow and what does it include?

A

Prepare:

  • Core Systems Setup
  • LDAP(S) integration
  • Common Data Imported
  • Integrations
  • Scrum planning
234
Q

What is the 4th phase of StartNow and what does it include?

A

Deploy:

  • Build out functionality from SDLC backlog
  • Managed using Agile SCRUM Application
235
Q

What is the 5th phase of StartNow and what does it include?

A

Operate:

  • UAT
  • End User testing
  • Go-live checks
  • Production readiness review
  • Go-live support
236
Q

What is the 6th phase of StartNow and what does it include

A

Transform:

  • Pulse Checks
  • Delivery Assurance
  • Transformation road maps
  • Service Improvement plans
237
Q

What is Upgrade History and where can you find it?

A

System Diagnostics > Upgrade History

Tracks all upgrades made to an instance. Each record examined during an upgrade is tracked and the action taken on that record is tracked as the disposition

238
Q

What does ServiceNow use as core-based technology?

A

MySQL and Tomcat

239
Q

What are the layers of the Core-Based technology

A
  • Top - Who is accessing the instance (browser, SOAP, FTP, etc)
  • Next - top app layer, UI, SOAP, Other
  • Next - Scripting
  • Next - DB Layer
  • Next - MySQL
240
Q

What does the High Security Plugin do?

A

Creates a role called security_admin which is added to the default System Administrator user. New role has “elevated privelage”

241
Q

What does the “Elevated Privelage” attribute of a role do?

A

Means that the user who is assigned the role will need to manually elevate themselves to the role during a session. Session timeout or log-out removes the role

242
Q

What does the security_admin role allow you to do when activated?

A
  • Modify ACLs
  • Import XML Files
  • Access Scripts - Background module
243
Q

How could I improve the performance of an import set?

A

Uncheck the “run business rules” attribute

244
Q

How can I remove the New and Edit buttons from a related list

A

Right-click in the related list header and select Personalize > List Control. Select Omit new button or Omit edit button

245
Q

What does SOAP Stand for?

A

Simple Object Access Protocol

246
Q

What are the four parts of SOAP Message transportation?

A
  1. Endpoint
  2. Action
  3. Headers/Attributes
  4. Envelope
247
Q

What is the SOAP endpoint?

A

URL or Address where the SOAP request is delivered. Must be able to reach the endpoint over the network in order for the communication to succeed.

248
Q

What is a SOAP Action?

A

String that is often optional with the SOAP web service. However, some services do require this to be set. The string is often descriptive of what action should be performed by the web services.

249
Q

What are the SOAP Headers/Attributes?

A

Found within the HTTP request. They contain information regarding the protocol being used as well as other custom information such as session IDs, authentication token, etc.

250
Q

What is the SOAP Envelope?

A

Actual document that describes the details of the SOAP request. This is written in XML format. Has a header and a body similar to an HTML webpage. Header and body details are dictated by the web service and explained in a corresponding WSDL document

251
Q

What are the elements of a SOAP envelope?

A

1) Main Document
2) Header (optional)
3) Body
4) Fault Element (optional)

252
Q

What is the SOAP envelope header?

A

Often contains processing instructions for the envelope, but it is not used in all web services.

253
Q

What is the SOAP envelope Body?

A

Main part of the envelope, is required for SOAP requests. Contains the actual message or request that is to be delivered to the web service.

254
Q

What is the SOAP envelope Fault Element?

A

Often present if there was an error processing the web service request. The Web Service is responsible for populating this element with descriptive information to help the consumer understand what went wrong, and/or what to do next

255
Q

What is the SOAP WSDL?

A

Another XML document that is used in the SOAP protocol. It is a catalog of available functions provided by the web service. A SOAP web service consuming client information should be able to read this and generate a template of each of the available service requests provided by the web service.

256
Q
A