ServiceNow CAD Practice Test - Questions Answers, Page 11

When creating a table in a privately-scoped application, four Access Controls are automatically created for the table. These Access Controls define the permissions for the four basic operations on the table: Create, Delete, Read, and Write. The Create operation allows the user to create new records on the table. The Delete operation allows the user to delete existing records on the table. The Read operation allows the user to view the records on the table. The Write operation allows the user to modify the records on the table. By default, these Access Controls grant access to the admin role and the application scope. You can modify or delete these Access Controls as needed.

The other options are not valid Access Controls for a table. Insert, Query, and Update are not operations, but methods of the GlideRecord class that are used to manipulate records on the server-side. They are not part of the Access Control rules.

References:

[Access Control rules]

Create a table in a scoped application

[GlideRecord methods]

The ServiceNow REST API is a web service that allows you to interact with the ServiceNow platform using HTTP requests and responses. The ServiceNow REST API supports the following methods:

POST: This method allows you to create a new record or execute an action on the ServiceNow platform. For example, you can use the POST method to create an incident or run a script.

GET: This method allows you to retrieve information from the ServiceNow platform. For example, you can use the GET method to get the details of a user or a table.

DELETE: This method allows you to delete a record or a resource from the ServiceNow platform. For example, you can use the DELETE method to delete an attachment or a workflow context.

PUT: This method allows you to update a record or a resource on the ServiceNow platform. For example, you can use the PUT method to update the state of a task or the value of a system property.

PATCH: This method allows you to update a record or a resource on the ServiceNow platform by sending only the changes. For example, you can use the PATCH method to update the short description of an incident or the order of a module.

The method COPY is not part of the ServiceNow REST API. There is no COPY method in the HTTP protocol. To copy a record or a resource on the ServiceNow platform, you need to use the POST method with the clone action.

References:

ServiceNow REST API overview

ServiceNow REST API methods

[ServiceNow REST API actions]

The Automated Test Framework (ATF) is a tool that allows you to create and run automated tests on the ServiceNow platform. The ATF uses test steps to define the actions and validations for each test. The test step that allows you to create a user with specified roles and groups for the test is the Create a user test step. This test step creates a temporary user record that is deleted at the end of the test. You can specify the user name, password, roles, and groups for the user. You can also use the Impersonate a user test step to switch to the created user and perform actions as that user.

The other options are not valid test steps for creating a user. The Create a role and Create a group test steps do not exist in the ATF. To create a role or a group, you need to use the Create a record test step and specify the sys_user_role or sys_user_group table. The Impersonation test step does not create a user, but switches to an existing user.

References:

[Automated Test Framework overview]

[Automated Test Framework test steps]

[Create a user test step]

[Impersonate a user test step]

A workflow is a tool that allows you to automate processes on the ServiceNow platform. A workflow consists of activities and transitions that define the logic and flow of the process. A workflow context is an instance of a workflow that is generated from a workflow version, executes activities, and follows transitions. A workflow context is associated with a specific record on a table and tracks the state and progress of the workflow. You can view and manage the workflow contexts from the Workflow Contexts module or the Workflow Contexts related list on a record.

The other options are not valid definitions of a workflow context. A checked out workflow is a workflow that is being edited by a user and has not been published yet. The table and conditions for a workflow are the criteria that determine when a workflow should run on a record. The business reason or process for a workflow is the purpose and function of the workflow.

References:

[Workflow overview]

[Workflow context]

A benefit of creating an Application Properties page for each application you develop is that Application Properties allow a developer or admin to make changes to an application's behavior without modifying application artifacts. Application Properties are system properties that store configuration information for a specific application. They can be used to control various aspects of the application, such as feature flags, default values, thresholds, or URLs. By creating an Application Properties page, you can group and display all the properties related to your application in one place and make them easy to access and update. This way, you can avoid hard-coding static data in your application code and make your application more flexible and maintainable.

Reference:Working with System Properties,Organizing your ServiceNow System Properties

The statement that is true for this script fragment is that the method returns true if the currently logged in user has the x_my_app_user role or the admin role. The g_user.hasRole() method is a client-side method that checks whether the current user has a specified role or set of roles. If no role is specified, it returns true if the user has any role. If one or more roles are specified, it returns true if the user has any one of the specified roles. However, this method always returns true if the user has the admin role, regardless of the role parameter. Therefore, in this case, the method returns true if the user has either the x_my_app_user role or the admin role.

Reference:User Object Cheat Sheet,Checking user permissions

The correct combination of statements is a, b, and d. These are possible reasons to build custom applications on ServiceNow:

To replace outdated, inadequate, custom business applications and processes. Building custom applications on ServiceNow can help digitize and automate manual or legacy processes that are not covered by existing ServiceNow solutions. This can improve efficiency, data quality, user experience, and innovation.

To extend service delivery and management to all enterprise departments. Building custom applications on ServiceNow can help provide consistent and scalable services across different functions and teams in the organization. This can enhance collaboration, visibility, productivity, and customer satisfaction.

To extend the value of ServiceNow. Building custom applications on ServiceNow can help leverage the capabilities and benefits of the Now Platform, such as low-code development tools, workflow automation engine, AI-powered insights, security operations, etc. This can increase agility, resilience, performance, and value.

The statement c is not a valid reason to build custom applications on ServiceNow:

To allow users full access to all ServiceNow tables, records, and fields. Building custom applications on ServiceNow does not imply granting users full access to all data and objects in ServiceNow. Access control rules still apply to custom applications and their components to ensure security and compliance.

Reference:Build Custom Apps in ServiceNow -- eBook

The statements that must evaluate to true for a user to pass an Access Control are:

Conditions configured in the Access Control must evaluate to true.

The user has one of the roles specified in the Required roles related list.

Scripts configured in the Access Control must evaluate to true.

An Access Control is a rule that determines whether a user can access a particular object or operation in ServiceNow. An Access Control consists of three elements: Conditions, Roles, and Script. Each element specifies a requirement that the user must meet to access the object or operation. If any of these elements return false, the Access Control denies access and stops evaluating the remaining elements. Therefore, for a user to pass an Access Control, all three elements must evaluate to true.

The other statements are not required for a user to pass an Access Control. Other matching Access Controls for the records do not need to evaluate to true, as only one matching Access Control needs to return true for access to be granted. The user does not need to be granted access through a business rule, as business rules are not part of Access Controls and do not affect their evaluation.

Reference:Access control rules,Access Controls

Application Access is a feature that allows you to control the access level of other application scopes to your application's data tables. By selecting the Allow access to this table via web services option, you can enable other application scopes to access your data tables using web services, such as SOAP or REST. However, the user performing the query via web services must have the correct permissions to access the table's records. The user must have the appropriate roles and access controls to perform the operations on the table, such as create, read, write, or delete.

The other statements are not true when this option is selected. This option does not restrict the ability to delete records via web services, nor does it allow records to be always read. The access to the records depends on the user's permissions and the web service method. This option also does not restrict access only to SOAP web services, but applies to both SOAP and REST web services. Finally, this option is not the only way to enable web service access to the table's records. Even when this option is not selected, users with the correct permissions can use web services to access the table's records, as long as they specify the application scope in the web service request.

References:

Application Access

Web service access to scoped applications