What is ServiceNow?

ServiceNow is a cloud-based ITSM (IT Service Management) tool that offers a single record system for business management, operations, and IT services. All features related to the organization’s IT services reside within the ServiceNow ecosystem. You can obtain a complete view of the resources and services. This permits you to control the allocation of resources in a better way and helps to efficiently design the process flow. ServiceNow provides services such as HR, security, business applications, customer service, and IT(Information Technology) service delivery. It is considered an integrated cloud
solution where we can get all of these services in a single place.

Write the full form of CMDB and explain what is it?

CMDB stands for Configuration Management Database. CMDB is repository that can be used as a data warehouse for IT installations. It will hold the data associated with IT assets collections and details about relationships between assets.

Explain the steps for enabling or disabling an application in ServiceNow

Use the below-given steps to enable or disable an application in ServiceNow:
1. Go to the “Application Menus” module.
2. Open the required application that has to be enabled or disabled.
3. You can set the active value as “true” to enable the application. To disable the application set the active value as “false”.

Explain record matching and data lookup features in ServiceNow.

The data lookup and record matching features allow you for setting up the field value based on a particular condition instead of scriptwriting. For example, on incident forms, the priority lookup rules automatically sample data. Now, set the priority of an incident based on the urgency values and the incident impact. Data lookup rules allow you to specify the fields and conditions where you wish data lookup to happen.

What is meant by Coalesce in ServiceNow?

The field property that is used in transform map field mapping is known as Coalesce.Coalescing on a field allows you to use that field as a unique key. The existing record will get updated with the imported information if a match with the coalesce field is found. If you can’t find a match, then insertion of a new record into the database will take place.

What is meant by impersonating a user? How it is useful?

Impersonating a user means providing the administrator access to what the actual user would have access to. This will have the same modules as well as menus. ServiceNow records all activities of an administrator when the user is impersonating another user. This feature of ServiceNow is very helpful in testing. For example, if you want to test that whether a user is able to access the change form or not. You are allowed to impersonate that user and can perform testing without any need of logging out from your session and again logging in with that user credentials.

What is dictionary override in ServiceNow?

Dictionary overrides allow for overriding various field properties in an extended table. Consider an example of a changing table that is extended from the task table. There is a status field in the task table which is set as read-only. If you use this field in change form, it will be in read-only mode. By using the dictionary override, we can alter this to non-read only.

What is a data policy?

Data policies are helpful to enforce data consistency by setting read-only and mandatory states. They can be quite relatable to UI policies, but the difference is UI policies are applied only to the data provided on forms using standard browsers. Also, it can apply rules to each data entered, like data entered through import sets, web services, email, or mobile UI. For example, if a mandatory field in the entered record is empty then it is possible to prevent the insertion of that record into the table by using data policy.

What are UI policies in ServiceNow?

UI policies are considered as an alternative for client scripts. You can set a field as mandatory, which is read-only, and visible on a form by using UI policies. It can be used to dynamically change a field on a form.

What is a transform map in ServiceNow?

1. A transform map in ServiceNow is a field map set that controls the relationship between the import set table’s displayed fields and the target table’s existing fields, like {“detectHand”:false} or {“detectHand”:false}.
2. After transform map creation, you can reuse this to map data from one more import set to the same table.
3. A transform map allows an administrator to define final destinations for data imported on tables. This will make it easier to specify linkage between the import set table’s source fields and the target table’s destination fields.
4. You can use transform mapping to dynamically map source fields and destination fields.

What is domain separation in ServiceNow?

Domain separation is a useful method for separating data into logically defined domains.Also, it can be used to separate administration. For example, consider a client who has twobusinesses and has a single ServiceNow instance for both businesses. He doesn’t want usersfrom one business to view other business data. In this case, we can use domain separation forisolating the records from both businesses.

What is a business rule?

The business rule is server-side scripting, which gets executed when you try to insert, delete, update, display or query a record. The main use of creating a business rule is that you can decide when and on what action it will execute.

What is import set in ServiceNow?

The import set tool is utilized for importing data from multiple sets of data sources and then map that data into ServiceNow tables through transform maps. It behaves as a staging table for imported records.

What is HTML sanitizer in ServiceNow?

The HTML Sanitizer is useful in cleaning up HTML markup in HTML fields automatically. Also, it will eliminate unwanted code and protect against security threats like cross-site script attacks. Starting from the Eureka release, the HTML sanitizer is active for all instances.

What are the gauges in ServiceNow?

A gauge can be seen on the homepage of ServiceNow and can contain up-to-date information about the record’s current status that is present on ServiceNow tables. A gauge is based on a report and it can be placed on a homepage or a content page.

What are the metrics in ServiceNow?

Metrics are used for recording and measuring the workflow of individual records. By using metrics, customers are able to arm their process by giving tangible figures for measuring. For example, how much time it takes before a ticket is reassigned or changes its state.

What are the different types of searches that are available in ServiceNow?

Below given list of searches are helpful in ServiceNow to find the information:
Lists: Used to obtain records in a list.
Knowledge base:Used to find knowledge-based articles.
Global Text Search: Used to find records in different tables from a search field.
Navigation Filter: Used to filter the application navigator items.
Search screens: Use a form as an interface for searching table records. These custom modules can be created by administrators.

What do you mean by a record producer in ServiceNow?

Catalog item that permits users in the creation of task-based records by using Service Catalog is known as a record producer. For example, you can consider the creation of a problem record or a change record by using a record producer. It will give you an alternative method for the creation of records via Service Catalog.

What is a BSM Map?

BSM map stands for Business Service Management map. Configuration Items(CI) are graphically displayed by using a BSM map. These items are used to provide support for a business service and indicates the Configuration Items related status.

What is ACL in ServiceNow?

ACL(Access Control List) in ServiceNow defines what can be accessed by data users and in what way they can access the same. ACL rules require users to fulfill individual requirements to obtain access to particular data.

What is an inactivity monitor?

An inactivity monitor is used in event triggering for a task record if the task was kept in an inactive state for a certain period. If the task remains in an inactive state, the inactivity monitor repeats at regular intervals.

What is a scorecard?

A scorecard is used for measuring employee performance or a business process. It provides a representation of progress across time in the visualized format. It belongs to an indicator. The initial step is defining the indicators that you wish to measure. You can enhance scorecards by adding aggregates, targets, breakdowns(scores per group), and time series.

Differentiate between next() and _next() method in ServiceNow.

The next() method is used for moving into the next record in GlideRecord. next() is quite similar to _next(), the difference is it is used when you query the table that has next as a column name.

Explain the types of reports available in ServiceNow.

Bar reports: They allow you for comparing scores over data dimensions.
Pie and Donut reports: It helps to visualize the relationship between parts and the entire data set using various shapes like pies.
Time Series reports: It helps to visualize data over time. You can make use of MetricBase data in time series reports, along with your instance data and imported data sources.
Multidimensional reports: It helps to visualize data across dimensions in a table or graph
Scores: It helps to visualize single data points either as a single value or across ranges.
Statistical reports: It helps to visualize data with statistical values like means and medians.
Other reports contain calendars, lists, and maps.

What is a foreign record insert?

When an import does a modification to a table that is not the target table for that particular import, then a foreign record insert happens. This occurs when you try to update a reference field on a table.

How to set the invalid queries into empty result sets in ServiceNow?

By default, queries having invalid field names executes but invalid condition will be ignored. You can enable the glide.invalid_query.returns_no_rows property.It will produce an empty result set for invalid queries.

List out the order of processing for Record ACL rules in the ServiceNow platform

Processing order for Record ACL rules is given below: for more strict query control.
1. Matching the object against ACL rules related to the field. Matching the object against ACL rules related to the table.
2. Both field and table ACL rules must be passed by the user to gain access to a record object.

How to restrict users from uploading an attachment in ServiceNow?

Following is the stepwise process for restricting users to upload an attachment: Go to System Properties -> Security.
Under the Attachment limits and behavior section, search for a role list that can produce attachments: property(glide.attachment.role). Mention one or more roles(separated by commas).
Only roles listed under this property will be allowed to upload attachments to a record. If no roles are mentioned, then all roles are permitted to upload attachments to ServiceNow forms.
Click on Save.

What is the scope of cascade variable checkbox in order guide in ServiceNow?

It is a checkbox for selecting whether the used variables should cascade, which transmits their values to the items ordered. Variable data entered in the order guide will not be passed on to ordered items if we clear this checkbox.

Explain Change Management in ServiceNow.

The Change Management application in ServiceNow gives an organized approach for controlling the life cycle of entire changes. It also provides useful changes to be made with minimum interference to IT services.

MID Server Installation

1: What are the system requirements for installing a MID Server in ServiceNow?
A: The system requirements for installing a MID Server are as follows:

• Operating Systems: Windows 2003, 2008, and 2012
• Memory: Minimum 4 GB of available RAM
• Disk Space: Minimum 500 MB
• Roles Required: MID Server User or Admin roles
  No specific license is required for MID Server installation. Additionally, you need to create a dedicated MID Server folder in the C drive to extract and configure the necessary files​

MID Server Security and Rekeying

2: What is the purpose of rekeying a MID Server, and when should it be done?
A: Rekeying a MID Server involves generating a new set of private and public key pairs. The purpose of this process is to enhance security by ensuring that automation credentials remain encrypted during transmission.
It is recommended to periodically rekey MID Servers to meet organizational security requirements or when a security compromise is suspected

3: How does the validation process secure a MID Server?
A: Validation restricts access to automation credentials, ensuring that only trusted MID Servers can access them and execute outbound ECC probes.
During validation, you can:

• Specify the capabilities the MID Server can use.
• Define the applications it supports.
• Set IP ranges it is allowed to explore.
  Once validated, the MID Server is secure and ready for automation tasks​

MID Server Logs and Performance Monitoring

4: How do you access and analyze MID Server logs in ServiceNow?
A: To access MID Server logs:

1. Log in to the ServiceNow instance.
2. Navigate to MID Server > Logs.
3. Select a specific MID Server from the list.
4. Filter logs by date, log level, or message text for targeted analysis.
   Logs can also be exported for further examination​

5: What metrics are important when monitoring MID Server statistics?
A: Key performance metrics for monitoring MID Server statistics include:

• CPU Usage
• Memory Usage
• Disk Space Utilization
• Network Utilization
  Additionally, monitoring the number of inbound and outbound messages and the status of various MID Server processes can help identify bottlenecks or performance issues

6: How do you manually restart a MID Server?
A: To manually restart a MID Server:

1. Open the agent directory where the MID Server files are located (e.g., C:\ServiceNow\MID Server1\agent).
2. Execute stop.bat to stop the MID Server.
3. Run restart.bat or start.bat to restart the server if it was stopped​

Technical Questions

7: What steps are involved in validating a newly installed MID Server?
A:

1. Navigate to MID Server > Servers in the ServiceNow instance.
2. Select the newly created MID Server.
3. Under Related Links, click Validate.
4. If no capabilities, applications, or IP ranges are set, the Set Initial Selection Criteria window appears.
5. Choose whether to allow all capabilities, applications, or IP ranges, then click OK.
6. The MID Server status will move to Validating, and upon success, set to Yes​

8: How do you upgrade a MID Server manually?
A:

1. Navigate to Discovery > MID Servers or Orchestration > MID Server Configuration > MID Servers.
2. Open the MID Server record you wish to upgrade.
3. Click Upgrade MID under Related Links.
4. Confirm the upgrade.
5. Ensure the MID Server is validated and in the Up state for the upgrade to proceed​

9: How do automation credentials remain secure during communication between a MID Server and ServiceNow?
A: Automation credentials are encrypted in the instance using the MID Server’s trusted public key before transmission. When the MID Server is validated, it generates a key pair (public and private keys). The private key is then used to decrypt automation credentials during communication

10: What is the difference between MID Server validation and invalidation?
A:

• Validation: Ensures that only trusted MID Servers can access automation credentials and perform tasks. The MID Server must meet selection criteria such as capabilities, supported applications, and IP ranges.
• Invalidation: Used when a MID Server is suspected of being compromised. It clears the MID Server’s memory and restarts it with a new key pair

Scenario-Based Questions

11: You notice that the MID Server is not processing ECC probes as expected. How would you troubleshoot this issue?
A:

1. Check MID Server Status: Ensure the MID Server is validated and in the Up state.
2. Review Logs: Navigate to MID Server > Logs and filter by error messages or time of occurrence.
3. Check Network Connectivity: Ensure the MID Server can reach the ServiceNow instance and target devices.
4. Validate Capabilities: Verify that the MID Server has the correct capabilities enabled for the task.
5. Restart the MID Server: Use restart.bat to reset the service if needed​

12: If the MID Server key pair has expired or is compromised, what steps would you take to rekey it?
A:

1. Navigate to MID Server > Servers.
2. Open the MID Server requiring a rekey.
3. Click Rekey under Related Links.
4. The system will generate a new key pair and validate the MID Server automatically upon rekeying.
5. Test automation tasks to ensure functionality is restored​

13: Your organization requires the MID Server to target a new set of IP ranges. How would you configure this?
A:

1. Navigate to MID Server > Servers and open the MID Server record.
2. Under Related Links, click Set Initial Selection Criteria.
3. Enable or specify the new IP ranges.
4. Save the changes and ensure the MID Server is validated​

Connection Parameters for MID Server

14: What is the role of the glide.mid.fast.responses parameter in MID Server communication, and when would you enable it?
A: The glide.mid.fast.responses parameter instructs the MID Server to send messages to the instance as soon as they are ready, allowing multiple messages to be transmitted simultaneously.
When to enable: Only under special circumstances, such as when reducing the response time of probes is crucial. However, enabling it may consume more resources and impact instance responsiveness.

15: How does setting the mid.poll.time parameter affect the MID Server’s performance?
A: The mid.poll.time parameter determines the polling interval for the MID Server when checking the ECC queue for tasks. The default value is 40 seconds.
If the AMB client is disabled, the default polling interval changes to 5 seconds. Configuring this parameter ensures that the MID Server efficiently handles task queues based on operational requirements.

Configuring IP Ranges and MID Server Capabilities

16: How do IP ranges influence MID Server selection for applications like Discovery and Service Mapping?
A: IP ranges define the network segments a MID Server can target.

• Discovery: Selects a MID Server based on the IP address or range specified.
• Orchestration: Matches the MID Server’s IP range to the target machine’s IP.
• Service Mapping: Finds the MID Server whose IP range matches the discovery request.

17: How do you configure MID Server capabilities, and why are they essential?
A:

1. Navigate to MID Server > Capabilities.
2. Select an existing capability or create a new one.
3. Configure the value for the capability and add MID Servers as needed.
   Importance: Capabilities help applications like Orchestration, Discovery, and Service Mapping select the most appropriate MID Server for their tasks.

18: How do MID Server clusters enhance stability and performance?
A: MID Server clusters support:

• Load Balancing: Distributes tasks across multiple MID Servers, improving stability and performance.
• Failover Protection: Ensures task continuity by assigning tasks to another MID Server if one fails.

ServiceNow Discovery

19: What is ServiceNow Discovery, and how does it contribute to ITOM?
A: ServiceNow Discovery automates the identification and mapping of IT infrastructure components across a network. It collects data about physical and virtual servers, databases, network devices, and applications, populating the CMDB.
Benefits:

• Provides real-time visibility into IT infrastructure.
• Reduces manual effort in maintaining the CMDB.
• Enables better tracking of changes and dependencies.

20: Explain the difference between horizontal and top-down discovery.
A:

• Horizontal Discovery: Scans the network to find devices and applications, creating direct relationships between CIs.
• Top-down Discovery: Maps CIs as part of business services, showing relationships between components like databases and application servers.

21: What are probes, sensors, and patterns in Discovery, and how are they different?
A:

• Probes: Scripts that collect data from devices on the network.
• Sensors: Scripts that parse the data returned by probes and update the CMDB.
• Patterns: Series of operations written in the Neebula Discovery Language (NDL) to collect and process data, typically used in later discovery stages.

22: What are the phases of horizontal discovery, and what happens in each phase?
A:

1. Scanning: Sends the Shazzam probe to check for open ports.
2. Classification: Identifies the type of device or operating system using probes.
3. Identification: Gathers detailed information and determines if a CI already exists in the CMDB.
4. Exploration: Collects additional attributes and creates relationships between CIs.

Scenario-Based MID Server Questions

23: You notice that the MID Server’s message queue is growing rapidly, and tasks are being delayed. How would you troubleshoot and resolve the issue?
A:

1. Check the Message Queue Size: Verify if the glide.mid.max.sender.queue.size parameter is set appropriately. Increase it if needed.
2. Review Logs: Navigate to MID Server > Logs to check for communication errors.
3. Network Connectivity: Ensure there are no network issues between the MID Server and the ServiceNow instance.
4. Resource Allocation: Check if the server hosting the MID Server has sufficient CPU and memory resources.
5. Thread Configuration: Increase the threads.max parameter if the current value is too low. However, keep it within the system’s capacity.

24:  A MID Server fails during an ongoing Discovery process. What steps would you take to ensure minimal impact?
A:

1. Failover: If the MID Server is part of a failover cluster, the next available MID Server will automatically take over.
2. Check Cluster Configuration: Verify that all MID Servers in the cluster have the necessary capabilities.
3. Restart the Failed MID Server: Execute the restart.bat file to bring it back online.
4. Reassign Tasks: Manually reassign tasks if the failover did not occur.

Scenario-Based Discovery Questions

25:  Your organization is planning to map a complex business service involving multiple servers and databases. How would you approach this using ServiceNow Discovery?
A:

1. Run Horizontal Discovery: Start by identifying the underlying infrastructure components (servers, databases, and applications).
2. Use Top-Down Discovery: Map the relationships between these components to visualize the entire business service.
3. Patterns and Probes: Configure custom patterns or probes to capture specific data about the components.
4. Validate CMDB Entries: Ensure all discovered CIs are accurately represented and linked in the CMDB.

26:  A device on your network is not being discovered despite being reachable. How would you troubleshoot the issue?
A:

1. Network Configuration: Ensure the device is within the IP range configured for Discovery.
2. Probes and Sensors: Verify that the appropriate probes (like WMI for Windows) are being triggered.
3. Classification Rules: Check if a suitable classifier exists for the device type.
4. Access Credentials: Ensure that Discovery has the correct credentials to access the device.
5. Logs: Review Discovery logs for error messages.

Scenario-Based Configuration Questions

27: Your team needs to deploy a MID Server for a highly resource-intensive environment. How would you configure it for optimal performance?
A:

1. Resource Allocation: Allocate at least 8 GB RAM and a multi-core CPU for the MID Server host.
2. Thread Configuration: Increase threads.max to a value that balances performance without exhausting system resources.
3. Load Balancing Cluster: Configure the MID Server as part of a load-balancing cluster to distribute tasks.
4. Queue Size: Adjust glide.mid.max.sender.queue.size to handle larger message queues.
5. Monitor Performance: Regularly review MID statistics to optimize configuration.

28:  You need to configure a MID Server to manage discovery tasks across multiple subnets securely. What steps would you take?
A:

1. Define IP Ranges: Navigate to MID Server > IP Ranges, and configure the required subnet ranges.
2. Security: Ensure that firewalls allow communication between the MID Server and target devices.
3. Capabilities: Assign the required capabilities to the MID Server to handle Discovery tasks.
4. Validate the MID Server: Ensure it is validated for secure communication.

Scenario-Based Discovery and MID Server Questions

29:  ABC Corporation has installed a new MID Server named “ABCMID.” How would you validate the MID Server and check its health?
A:

1. Validation:
   • Navigate to MID Server > Servers in ServiceNow.
   • Select the “ABCMID” server and click Validate under Related Links.
   • Ensure the status changes to Validated after the process completes.
2. Health Check:
   • Check Logs: Navigate to MID Server > Logs for any errors.
   • Review Statistics: Analyze CPU, memory, and network usage to identify performance bottlenecks.
3. Restart if Needed:
   • Use the restart.bat file from the MID Server agent directory to restart the service if any errors persist.

30:  The organization requires specific capabilities for “ABCMID” such as Nmap, AWS, and PowerShell. How would you configure these capabilities?
A:

1. Navigate to MID Server > Capabilities.
2. Click New and define the capability (e.g., Nmap, AWS, or PowerShell).
3. Assign the “ABCMID” MID Server to these capabilities by editing the Related List in the capability record.
4. Save the configuration.

31:  Discovery fails to authenticate on some Linux devices. What steps would you take to troubleshoot and resolve the issue?
A:

1. Verify Credentials: Ensure the correct SSH credentials are configured.
2. Check Credential Aliases: Use credential aliases to limit access to specific credentials for Discovery schedules.
3. Review Logs: Check Discovery logs to identify specific errors during authentication attempts.
4. Network Configuration: Ensure firewalls allow SSH communication between the MID Server and target devices.
5. Affinity Configuration: Enable IP Service Affinity to prioritize successful protocols for future runs.

32:  You need to create a Discovery schedule for Windows servers, ensuring secure and efficient scanning. How would you configure it?
A:

1. Navigate to Discovery > Discovery Schedules.
2. Click New and configure:
   • Name: Windows Server Discovery
   • IP Range: Define the subnet range for Windows servers.
   • Credentials: Use secure Windows administrator credentials.
   • MID Server: Select the appropriate MID Server for the scan.
   • Schedule: Set it to run daily at 3:00 AM.
3. Save the schedule and run a test to ensure successful discovery.

Scenario-Based Discovery Enhancements

33:  ABC Corporation wants to improve discovery efficiency by using load balancing with multiple MID Servers. How would you set it up?
A:

1. Navigate to MID Server > Clusters.
2. Click New and select Load Balancing as the cluster type.
3. Add multiple MID Servers, including “ABCMID,” to the cluster.
4. Save the configuration to enable automatic task distribution.

34: The IT team wants to limit Discovery to specific IP ranges to improve security. How would you achieve this?
A:

1. Navigate to MID Server > IP Ranges.
2. Click New and define the required IP ranges.
3. Assign these IP ranges to the appropriate Discovery schedules.
4. Save the configuration and validate the changes.

35: How would you secure Discovery by managing credential exposure?
A:

1. Use Credential Aliases: Create aliases for Discovery schedules to control credential usage.
2. Affinity Filtering: Ensure the MID Server filters credentials by affinity to select the most appropriate ones.
3. Regular Testing: Test credentials periodically to avoid failures during Discovery.

Discovery and MID Server Security Scenarios

36:  A Discovery run at ABC Corporation reports multiple credential failures on target devices. How would you troubleshoot and resolve this issue?
A:

1. Analyze Failure Logs:
   • Navigate to Discovery > Status to check for error logs.
2. Check Credential Aliases:
   • Ensure the Discovery schedule uses the correct credential aliases to prevent exposure of elevated credentials.
3. Test Credentials:
   • Navigate to Connections & Credentials > Credentials, select the credentials, and click Test.
   • Correct any failed authentication attempts.
4. Affinity Validation:
   • Confirm that credential affinity exists for target devices and that successful credentials are prioritized for future runs.

37: The IT team notices slow performance during Discovery runs. How would you optimize Discovery for faster results?
A:

1. Increase MID Server Resources: Allocate more CPU and memory to the MID Server.
2. Load Balancing:
   • Configure multiple MID Servers in a Load Balancing Cluster.
3. Polling Optimization:
   • Adjust the mid.poll.time parameter for faster ECC queue polling.
4. Shazzam Probe Optimization:
   • Configure multiple Shazzam probes to improve network scanning efficiency.
5. Restrict IP Ranges: Limit Discovery to specific network segments to reduce scan time.

38: How would you ensure secure communication between the MID Server and the ServiceNow instance?
A:

1. Enable HTTPS: Ensure that the MID Server uses secure communication via HTTPS.
2. Truststore Configuration:
   • Set up the mid.https.truststore.path and mid.https.truststore.password parameters to configure secure TLS transactions.
3. Disable Basic Authentication:
   • Set mid.instance.skip_basic_auth to true to prioritize secure cookie-based authentication.
4. Firewall Security: Ensure no special firewall rules or VPNs are required, as MID Server initiates all communication.

39: ABC Corporation wants to discover resources in its AWS cloud environment. How would you set up Discovery for cloud resources?
A:

1. Activate Cloud Discovery: Enable the required plugins.
2. Create a Cloud Discovery Schedule:
   • Navigate to Discovery > Discovery Schedules.
   • Select Create a Cloud Discovery Schedule.
3. Configure Credentials: Use secure AWS access credentials.
4. Select MID Server: Choose a MID Server with cloud capabilities.
5. Schedule and Test: Set a schedule and test the discovery run.

40: How would you handle dynamic IP ranges in Discovery for a highly flexible network environment?
A:

1. Use Quick Ranges: Dynamically add ranges during Discovery runs.
2. Auto-assignment: Enable automatic IP range assignment during Discovery setup.
3. Wildcard Support: Utilize wildcard IP ranges when defining target subnets.
4. Regular Updates: Continuously monitor and update IP range configurations.

41: Service Mapping fails to discover relationships between key business services. What steps would you take to troubleshoot the issue?
A:

1. Check Initial Horizontal Discovery: Ensure that horizontal Discovery successfully identifies the underlying infrastructure.
2. Validate Probes and Patterns: Ensure correct patterns and probes are being triggered for Service Mapping.
3. Review Logs: Analyze Service Mapping and Discovery logs for errors.
4. Re-run Top-Down Discovery: Manually trigger top-down discovery for application services.

42: You need to monitor multiple remote offices with different IT environments (Windows, Linux, macOS). How would you deploy and manage MID Servers efficiently?
A:

1. Deploy Multiple MID Servers: Install MID Servers at each remote office.
2. Cluster Configuration: Use load-balancing clusters to distribute tasks efficiently.
3. Platform Configuration: Configure Nmap, SSH, WMI, and PowerShell capabilities for platform-specific discovery.
4. Central Monitoring: Use ServiceNow MID Statistics to monitor and manage MID Server health.

Probes, Sensors, and ECC Queue Scenarios

43: You need to create a custom probe in ServiceNow Discovery to test the availability of a website. How would you configure it, and what script would you use?
A:

1. Access Probes: Navigate to Discovery > Probes and click New.
2. Configuration:
   • Name the probe “Website Test”.
   • Set Probe Type to Script Probe.
3. Script: Use the following JavaScript code to send a GET request:

(function () {

    var url = ‘https://www.example.com’;

    var xhr = new XMLHttpRequest();

    xhr.open(‘GET’, url);

    xhr.send();

    if (xhr.status >= 200 && xhr.status < 300) {

        return ‘OK’;

    } else {

        return ‘FAILED’;

    }

})();

44: Discovery scans are not completing, and you suspect an issue with the ECC Queue. How would you troubleshoot and resolve it?
A:

1. Check ECC Queue: Navigate to ECC Queue and look for stuck or error messages.
2. Analyze Errors: Identify if the errors are due to missing probes or sensors.
3. Review MID Server Logs: Look for connectivity issues between the MID Server and ServiceNow instance.
4. Clear Stuck Messages: Delete or reset stuck messages if needed.
5. Test Discovery: Run a test scan to confirm the issue is resolved.

45: Your organization needs to create a Discovery pattern to identify a new application running on web and database servers. How would you approach this?
A:

1. Access Pattern Designer: Navigate to Discovery Pattern Designer and click New Pattern.
2. Define the Pattern:
   • Name: “Custom App Discovery”
   • Targets: Add IPs of web and database servers.
3. Configure Probes: Add an HTTP Probe for web servers and Database Probe for database servers.
4. Add Sensors: Configure sensors to parse HTTP responses and database schema data.
5. Test and Publish: Run a test and publish the pattern if successful.

Dependency Views and Map Indicators Scenarios

46: How would you create a new map indicator to highlight critical servers in dependency views?
A:

1. Navigate to Dependency Views > Map Indicators.
2. Click New and provide:
   • Name: “Critical Servers”
   • CI Type: “Server”
   • Color: Red
   • Icon: Select a server icon
   • Criteria: Set the priority to “1” for critical servers
3. Save the configuration and verify its appearance in dependency views.

47: How would you use Dependency Views to plan an infrastructure change?
A:

1. Access Dependency Views: Navigate to Configuration > Dependency Views.
2. Select Root CI: Choose the CI for which the change is planned (e.g., a database server).
3. Analyze Dependencies:
   • Identify upstream and downstream CIs that may be impacted by the change.
   • Evaluate the depth of the dependency view to ensure all potential impacts are visible.
4. Plan Mitigation:
   • Notify stakeholders based on affected CIs.
   • Schedule maintenance windows accordingly.
5. Execute and Monitor: Implement the change and use the dependency view to monitor for incidents.

Advanced Discovery Scenarios

48: Your organization recently integrated a new set of Linux servers. Discovery fails to capture the correct configurations and dependencies for these servers. How would you troubleshoot and resolve this issue?
A:

1. Verify Probes and Sensors:
   • Ensure the appropriate SSH Probes are configured for Linux servers.
   • Check that Linux SSH Sensors are enabled to interpret the data from the probes.
2. Review Discovery Logs: Analyze logs for connection errors or incorrect credentials.
3. Credential Validation:
   • Test SSH credentials in Discovery > Credentials to confirm access.
4. Network Configuration:
   • Ensure firewalls allow SSH communication between the MID Server and the target servers.
5. Discovery Patterns: If the default patterns are not sufficient, customize patterns using the Pattern Designer.
6. Test and Validate: Rerun the discovery and verify the results in the CMDB.

49:  Discovery scans are taking too long to complete. What steps would you take to optimize Discovery performance?
A:

1. Use Multiple MID Servers: Configure Load Balancing Clusters to distribute discovery tasks across multiple MID Servers.
2. Shazzam Probe Configuration: Use multiple Shazzam probes to scan network ranges simultaneously.
3. Restrict IP Ranges: Limit scans to specific subnets or devices to reduce scan time.
4. Reduce Probe Timeout: Lower the timeout values for probes to avoid delays.
5. Thread Configuration: Increase the number of worker threads in MID Server settings to handle more tasks concurrently.

50:  Your CMDB is populated with duplicate entries for the same servers. How would you identify and resolve the issue?
A:

1. Identification Rules:
   • Verify that the Identification Rules are properly configured in Configuration > CI Class Manager.
   • Ensure key attributes (like hostname, serial number) are set correctly for reconciliation.
2. Data Reconciliation:
   • Use Identification Reconciliation Engine to merge duplicate records.
3. Discovery Configuration:
   • Ensure Discovery is not misclassifying devices due to missing or incorrect probes.
4. Data Sources:
   • Analyze data sources feeding the CMDB to ensure consistency.
5. Audit and Clean-up:
   • Manually review and clean up duplicate records.

CMDB Troubleshooting Scenarios

51:  A business service map in Dependency Views is missing critical components. How would you troubleshoot and fix this?
A:

1. Check Service Mapping: Ensure Service Mapping is activated and correctly configured.
2. Discovery Validation: Verify that all infrastructure components have been discovered and mapped to the correct CIs.
3. Dependency Rules: Review and update dependency rules in Configuration > Dependency Views to capture missing relationships.
4. Map Indicators: Create custom indicators to highlight missing or critical components.
5. Re-run Discovery: Run Discovery schedules to update the CMDB and refresh dependency views.

52: You need to track a recurring issue where changes to CIs in the CMDB are causing incidents. How would you approach this?
A:

1. Dependency Analysis: Use Dependency Views to analyze upstream and downstream relationships of the affected CIs.
2. Change History: Review the Change History for the impacted CIs to identify recent modifications.
3. Incident Analysis: Correlate incident records with CMDB changes to identify patterns.
4. Notification Setup: Configure alerts for changes to high-priority CIs using map indicators.
5. Mitigation Strategy: Implement stricter change management controls and dependency-based risk assessments.

Dependency Views and Outage Management Scenarios

53: A critical ServiceNow outage affects business services integrated through the platform. How would you minimize the impact and manage the outage using Dependency Views?
A:

1. Identify Impacted Services:
   • Use Dependency Views to trace the impact of the outage by visualizing dependent applications and services.
2. Stakeholder Communication:
   • Notify stakeholders, including IT teams and customers, about the outage and its operational impact.
3. Monitor Dependent Systems:
   • Keep an eye on alerts and incidents linked to affected CIs using the graphical indicators in Dependency Views.
4. Evaluate Contingency Plans:
   • Implement backup systems or alternate workflows to maintain critical operations.
5. Post-Outage Review:
   • Conduct a root cause analysis and evaluate the effectiveness of contingency measures.

Orchestration Scenarios

54:  Your team needs to automate password resets for Active Directory users. How would you achieve this using ServiceNow Orchestration?
A:

1. Activate Orchestration Plugins:
   • Enable the Orchestration Plugin and Active Directory Activity Pack.
2. Create a Workflow:
   • Navigate to Workflow Editor and create a new workflow for AD password reset.
3. Drag and Drop AD Activities:
   • Use the Reset Password Activity from the AD activity pack in the workflow.
4. Input Variables:
   • Define input variables for username and new password.
5. Test and Validate:
   • Test the workflow to ensure it resets passwords successfully without errors.
6. Attach to Service Catalog:
   • Create a Service Catalog item and link the workflow.

55:  An Orchestration workflow is failing to execute commands on Windows servers using PowerShell. How would you troubleshoot this issue?
A:

1. Review MID Server Configuration:
   • Ensure the MID Server has the correct capabilities and access to target systems.
2. PowerShell Activity Debugging:
   • Use the Activity Debugger to troubleshoot authentication or access issues.
3. Verify Credentials:
   • Confirm that the correct credentials are assigned and test them using the activity designer.
4. Protocol Configuration:
   • Ensure PowerShell Remoting is enabled and accessible on the target server.
5. Logs Analysis:
   • Check the MID Server logs for detailed error messages.

56: How would you create a custom orchestration workflow to provision a new user in Active Directory?
A:

1. Prepare the MID Server:
   • Ensure the MID Server is active and has access to the AD environment.
2. Create Workflow:
   • Navigate to Workflow Editor > Orchestration and create a new workflow.
3. Add AD Activities:
   • Drag the Create AD Object activity between the Begin and End steps.
4. Define Input Variables:
   • Configure variables for Username, First Name, and Last Name.
5. Configure AD Parameters:
   • Set OU, Domain Controller, and object data fields using placeholders like:
   • { “givenName”: “${workflow.inputs.u_first_name}”, “sn”: “${workflow.inputs.u_last_name}” }
6. Validate and Test:
   • Test the workflow and attach it to a Service Catalog item.

57: How would you automate a multi-system process using ServiceNow Orchestration and third-party integrations?
A:

1. Enable Integration Hub:
   • Activate the Integration Hub to access pre-built connectors for third-party systems.
2. Design the Workflow:
   • Use the Orchestration Designer to visually represent the process flow.
3. Configure Probes and Activities:
   • Add activities for REST API calls, SSH commands, and PowerShell operations.
4. Apply Custom Scripting:
   • Write custom logic in JavaScript for complex automation tasks.
5. Test and Monitor:
   • Validate the workflow and monitor execution logs for errors.

Business Use Case Scenarios

58:  ABC Corporation wants to automate software distribution to client machines and manage license compliance using ServiceNow Orchestration. How would you achieve this?
A:

1. Enable Required Plugins:
   • Activate the Orchestration Plugin and the Software Distribution Activity Pack.
2. Design Workflow:
   • Navigate to Workflow Editor and create a new software distribution workflow.
3. Add Activities:
   • Include SCCM Get Activities to query software availability and deployment status.
4. Define License Compliance Logic:
   • Use custom scripting to track software lease start and end dates and enforce compliance.
5. Integration with CMDB:
   • Ensure the workflow updates software information in the CMDB for accurate asset tracking.
6. Testing and Execution:
   • Test the workflow and attach it to a Service Catalog item for user requests.

59:  How would you use ServiceNow Dependency Views to identify the root cause of a performance issue in a business-critical service?
A:

1. Access Dependency Views:
   • Navigate to Configuration > Dependency Views and select the affected business service.
2. Analyze Relationships:
   • Examine upstream and downstream CIs for alerts or performance degradation.
3. Check Impacted Components:
   • Identify which application servers, databases, or network devices are affected.
4. Incident Correlation:
   • Cross-check active incidents or change requests linked to impacted CIs.
5. Mitigation:
   • Implement corrective actions, such as scaling resources or rolling back changes.

60:  A client wants to automate Active Directory user provisioning, including creating users and assigning them to specific groups. How would you achieve this in ServiceNow Orchestration?
A:

1. Activate Active Directory Plugin:
   • Enable the Active Directory Activity Pack.
2. Create Workflow:
   • Navigate to Workflow Editor > Orchestration and create a new workflow.
3. Add AD Activities:
   • Drag and drop the Create AD Object and Add User to Group activities.
4. Define Input Variables:
   • Configure inputs for Username, First Name, Last Name, and Group Name.
5. Customize Object Data:
   • Provide object data for AD attributes like:
   • { “givenName”: “${workflow.inputs.first_name}”, “sn”: “${workflow.inputs.last_name}” }
6. Test and Attach to Service Catalog:
   • Test the workflow and link it to a catalog item for automated requests.

Orchestration Scenarios

61:  How would you automate a multi-cloud server provisioning process using ServiceNow Orchestration?
A:

1. Integration Hub Setup:
   • Enable the Integration Hub and configure connectors for AWS, Azure, and Google Cloud.
2. Workflow Design:
   • Create a workflow using Orchestration Designer with parallel activities for each cloud provider.
3. Define Activities:
   • Add activities to provision instances, set security groups, and configure storage.
4. Custom Logic:
   • Use JavaScript scripting for dynamic environment configurations.
5. Test and Validate:
   • Test the workflow to ensure seamless multi-cloud provisioning.
6. Service Catalog Integration:
   • Attach the workflow to a catalog item for user-driven requests.

62:  How would you monitor and handle workflow failures in Orchestration?
A:

1. Activity Logging:
   • Enable the Activity Logger API to capture pre-processing and post-processing logs.
2. Workflow Validation:
   • Validate workflows in the Workflow Editor to identify issues before execution.
3. Custom Error Handling:
   • Configure custom error paths for activities to handle exceptions gracefully.
4. Notification Setup:
   • Send alerts to administrators when workflows fail.
5. Performance Monitoring:
   • Monitor workflow execution logs and MID Server health.

Service Mapping Scenarios

63: You need to map a business service in ServiceNow, starting with entry points and service components. How would you approach this?
A:

1. MID Server Setup: Ensure the MID Server has .NET 3.5 and 4.0 installed as prerequisites for service mapping.
2. Define Entry Points:
   • Navigate to Service Mapping > Service Map Planner > Entry Points.
   • Create planned entry points (e.g., URLs, Host Names) and components for the business service.
3. Create and Discover:
   • Click Create and Discover to initiate service mapping.
   • Resolve any errors in the Validation Errors tab.
4. View and Verify Map:
   • Use the View Map option to verify that all components are mapped correctly.
5. Approval and Operationalization:
   • Send the service map for review, approve it, and mark it operational.

64: How would you troubleshoot and fix errors in a service map setup?
A:

1. Access Discovery Logs:
   • Navigate to Service Mapping > Services > Business Services and select the service.
2. View Discovery Errors:
   • Look for yellow triangle icons indicating errors.
3. Analyze Error Messages:
   • Click on the Show Discovery Log to see detailed error messages.
4. Make Necessary Changes:
   • Modify patterns or credentials based on the error type.
5. Re-run Discovery:
   • Test the mapping again to verify the issue is resolved.

Event Management Scenarios

65:  ABC Corporation wants to integrate multiple event monitoring tools with ServiceNow Event Management. How would you set up and configure this integration?
A:

1. Activate Event Management Plugin:
   • Access the HI Portal and activate the Event Management plugin.
2. Create Connection Definitions:
   • Define connections for each event monitoring tool.
3. Configure Event Rules:
   • Define rules to handle incoming events and map event fields to ServiceNow fields.
4. Alert Correlation Rules:
   • Set up rules to consolidate related alerts.
5. Dashboards:
   • Create dashboards to visualize and manage events effectively.

66: How would you use Event Management to prioritize remediation actions based on business impact?
A:

1. Configure Event Rules:
   • Map events to business-critical services.
2. Set Up Alert Correlation:
   • Define rules to group related alerts and reduce noise.
3. Use Dashboards:
   • Monitor the event dashboard to identify high-priority events affecting critical services.
4. Root Cause Analysis:
   • Use analytics to trace incidents back to the root cause.
5. Remediation Actions:
   • Automate or manually trigger appropriate remediation actions.

Traffic-Based Discovery Scenarios

67:  How would you enable and use traffic-based discovery in Service Mapping to capture network connections?
A:

1. Enable Traffic-Based Discovery:
   • Navigate to Service Mapping > Administration > Traffic Based Discovery.
2. Define Discovery Rules:
   • Create rules to include or exclude specific CI types.
3. View Traffic Connections:
   • Right-click a CI in the business service map and select Show Traffic-Based Connections.
4. Validation:
   • Validate that inbound and outbound connections are discovered correctly.
5. Optimize Mapping:
   • Use the captured traffic data to enhance service mapping accuracy.

Workflow Automation Scenarios

68: Your organization wants to automate virtual server provisioning using ServiceNow Orchestration. How would you design the solution?
A:

1. Activate Required Plugins:
   • Enable the Orchestration Plugin and Integration Hub Connectors for cloud providers.
2. Create Orchestration Workflow:
   • Navigate to Workflow Editor > Orchestration and create a new workflow.
3. Add Activities:
   • Include cloud-specific activities such as Provision Instance (AWS) or Create VM (Azure).
4. Input Variables:
   • Define input variables for instance type, region, and storage configuration.
5. Custom Scripting:
   • Add JavaScript to dynamically configure instance properties.
6. Test and Attach to Catalog Item:
   • Test the workflow and link it to a Service Catalog item for user-driven requests.

69: How would you automate user account provisioning across multiple systems (Active Directory, Salesforce, and ServiceNow)?
A:

1. Enable Integration Hub:
   • Activate connectors for Active Directory, Salesforce, and ServiceNow.
2. Design Orchestration Workflow:
   • Create a workflow with parallel activities for each system.
3. Input Variables:
   • Define variables for Username, First Name, Last Name, and Roles.
4. Custom Activities:
   • Use Active Directory Create User, Salesforce Create User, and custom REST API calls for ServiceNow.
5. Error Handling:
   • Configure error paths to handle failures in any system.
6. Test and Deploy:
   • Validate the workflow and attach it to a Service Catalog item.

Root Cause Analysis Scenarios

70: A critical business service is experiencing performance issues. How would you use ServiceNow Event Management to perform root cause analysis (RCA)?
A:

1. Analyze Events:
   • Navigate to Event Management Dashboard and review active events.
2. Use Alert Correlation:
   • Identify related alerts grouped by correlation rules.
3. Dependency Views:
   • Use Dependency Views to trace the impact of alerts on upstream and downstream CIs.
4. Root Cause Analysis:
   • Analyze alerts for the primary CI causing the issue.
5. Remediation:
   • Trigger automated remediation actions or assign tasks to the appropriate teams.

Custom Integration Scenarios

71:  Your organization wants to integrate ServiceNow with a third-party monitoring tool for real-time event ingestion. How would you achieve this?
A:

1. Activate Event Management Plugin:
   • Enable the Event Management Plugin and configure access.
2. Create Event Connector:
   • Set up a connector to the third-party tool using REST or SNMP protocols.
3. Define Event Rules:
   • Map incoming event fields to ServiceNow fields.
4. Alert Correlation:
   • Configure rules to group related events into actionable alerts.
5. Test and Monitor:
   • Validate the integration and monitor the event flow on the Event Dashboard.

72: How would you implement traffic-based discovery for a multi-region network environment?
A:

1. Enable Traffic-Based Discovery:
   • Navigate to Service Mapping > Administration > Traffic Based Discovery and enable it.
2. Define Region-Specific Rules:
   • Create discovery rules for each region to include or exclude specific CI types.
3. Capture Traffic Data:
   • Use netstat and lsof protocols to capture inbound and outbound connections.
4. Validate Mapping:
   • Ensure connections are accurately mapped to CIs in each region.
5. Optimize Service Maps:
   • Regularly review and adjust discovery rules based on network changes.

Event Management and Monitoring Scenarios

73: Your organization wants to set up event management in ServiceNow to monitor events from multiple third-party tools and generate actionable alerts. How would you achieve this?
A:

1. Activate Event Management Plugin:
   • Access the HI Portal to activate the plugin and configure access.
2. Configure MID Server (If Needed):
   • Set up the MID Server for event connectors or use REST API directly if no MID server is required.
3. Create Connector Definitions:
   • Navigate to Event Management > Connectors > Connector Definitions, create definitions for unsupported event sources, and provide custom scripts.
4. Configure Connector Instances:
   • Set up instances for each event source by providing the host IP, credentials, and connector definitions.
5. Define Event Rules and Field Mapping:
   • Set up event rules to filter and map events to alerts.
6. Test and Monitor:
   • Validate connectors and monitor events through the Event Dashboard.

74: How would you prioritize and handle high-volume events using ServiceNow Event Management?
A:

1. Set Thresholds:
   • Configure event rules with threshold conditions to generate alerts only when event frequency crosses a defined limit (e.g., 5 events in 60 seconds).
2. Bind Alerts to CIs:
   • Associate alerts with specific CIs, such as SQL Servers, to contextualize issues.
3. Group Alerts:
   • Use alert correlation rules to consolidate related alerts and reduce noise.
4. Flapping Prevention:
   • Set flap intervals to avoid generating alerts for rapidly changing events.
5. Dashboards for Monitoring:
   • Utilize dashboards to track and act on critical alerts efficiently.

Event Mapping and Alert Scenarios

75: Your company needs to bind alerts to specific CI types and set thresholds for CPU usage alerts. How would you configure this?
A:

1. Create Event Rule:
   • Navigate to Event Management > Rules > Event Rules and create a new rule.
2. Threshold Configuration:
   • Set the threshold for CPU usage at 90% over 5 occurrences in 60 seconds.
   • Use the Create Alert Operator field to trigger alerts.
3. Bind to CI Type:
   • Activate the Bind section and select the CI type for the alert, such as SQL Server.
4. Transform Rules:
   • Configure transform rules to populate additional alert fields based on event data.

76: You want to automate alert remediation for specific network incidents. How would you set this up in Event Management?
A:

1. Create Alert Rules:
   • Navigate to Event Management > Rules > Alert Rules and define the rule criteria.
2. Define Remediation Actions:
   • Configure automated remediation actions, such as restarting a service or triggering a workflow.
3. Validation:
   • Test the remediation rule by generating a sample event and monitoring the action taken.
4. Monitoring:
   • Use dashboards to track the success and failures of remediation actions.

77: How would you troubleshoot connector instance failures in Event Management?
A:

1. Validate Connector Configuration:
   • Ensure correct host IP, credentials, and connector definition.
2. Test Connection:
   • Use the Test Connector option to validate the setup.
3. Check Logs:
   • Analyze connector logs for error messages during event retrieval.
4. Credential Debugging:
   • Verify and update credentials if authentication errors are present.

Automation Scenarios

78: How would you automate the escalation of critical alerts to the appropriate support teams?
A:

1. Define Alert Rules:
   • Navigate to Event Management > Rules > Alert Rules and create a rule for critical alerts.
2. Set Assignment Logic:
   • Configure the rule to assign alerts based on CI type or severity level to the correct support team.
3. Trigger Notification:
   • Set up Notification Rules to send email or SMS alerts to team members upon rule activation.
4. Remediation Workflow:
   • Attach an automated workflow to the alert to trigger predefined remediation actions if applicable.
5. Validation:
   • Test by generating a sample event to verify escalation and notifications work as expected.

79:  Your organization wants to trigger automated remediation actions when a network device goes down. How would you configure this?
A:

1. Configure Event Rules:
   • Create an event rule to detect network device failures based on event criteria such as Device Unreachable.
2. Bind Alerts:
   • Bind the alert to the network CI to provide context.
3. Attach a Workflow:
   • Create a remediation workflow in Workflow Editor, such as triggering a device restart.
4. Define Remediation Action:
   • Link the remediation workflow to the alert rule.
5. Test and Monitor:
   • Generate a test event to ensure the workflow executes correctly and resolves the issue.

80: How would you automate closing alerts after remediation actions have been successful?
A:

1. Create Alert Remediation Rules:
   • Navigate to Event Management > Rules > Alert Rules and define a rule for successful remediation.
2. Close Alert Operator:
   • Use the Close Alert Operator field to define the closure condition, such as Device Status = Healthy.
3. Attach Remediation Workflow:
   • Link the workflow that monitors the success of remediation actions.
4. Validation:
   • Test by simulating an event and monitoring the alert lifecycle.
5. Dashboard Monitoring:
   • Ensure the Event Management dashboard reflects accurate alert closure statuses.

Troubleshooting Event Mapping Issues

81: An event rule is not generating alerts despite matching the defined conditions. How would you troubleshoot this?
A:

1. Check Event Rule Status:
   • Verify that the rule is Active.
2. Validate Event Source:
   • Ensure the event source is correctly mapped and sending events.
3. Analyze Event Fields:
   • Check if event data matches the rule filter criteria. Adjust filters if necessary.
4. Review Thresholds:
   • Ensure that threshold values are not preventing alert creation (e.g., event count thresholds).
5. Test Rule:
   • Generate a test event and monitor its processing through logs.

82:  Alerts are being generated for duplicate events, causing noise. How would you resolve this?
A: Configure Flapping Settings:

1. Set a Flap Interval to prevent frequent event generation for rapidly changing statuses.
2. Use Alert Correlation Rules:
   • Consolidate related alerts into a single actionable alert.
3. Optimize Threshold Rules:
   • Adjust thresholds to reduce unnecessary alert generation.
4. Validate Event Source:
   • Ensure the event source is not repeatedly sending identical events.

83: How would you debug connector instance failures during event data retrieval?
A: Test Connector:

1. Use the Test Connector option to validate instance configuration.
2. Check MID Server Logs:
   • Review logs for errors related to connectivity or credential failures.
3. Credential Validation:
   • Ensure credentials are accurate and authorized for event retrieval.
4. Review Script Errors:
   • Debug custom connector scripts if used.
5. Network Checks:
   • Verify network connectivity between the MID Server and event source.

Event Management Scenarios

84: How would you configure event rules in ServiceNow to create alerts based on specific conditions from event data?
A:

1. Access Event Rules:
   • Navigate to Event Management > Rules > Event Rules.
2. Create Event Rule:
   • Click New to open the event rule form and provide a meaningful name and event source (e.g., SolarWinds or SCOM).
3. Define Filters:
   • Set filter conditions to target specific event criteria (e.g., CPU utilization above 90%).
4. Set Thresholds:
   • Configure thresholds for event frequency, such as triggering an alert after 5 occurrences in 60 seconds.
5. Bind Alerts to CIs:
   • Associate alerts with specific CIs using the Bind tab to contextualize alerts.
6. Test and Monitor:
   • Generate sample events to validate rule functionality.

85: How would you handle alert correlation to suppress redundant alerts and prioritize actionable ones?
A:

1. Create Alert Correlation Rules:
   • Navigate to Event Management > Rules > Alert Correlation Rules.
2. Define Primary and Secondary Alerts:
   • Set conditions for the primary alert (e.g., main router failure) and secondary alerts (sub-router failures).
3. Specify Relationships:
   • Select Parent to Child or Same CI relationships to group related alerts.
4. Save and Monitor:
   • Validate the rule by generating test alerts and monitoring the dashboard for alert correlations.

Cloud Management Scenarios

86: How would you set up and manage cloud resources for AWS using ServiceNow Cloud Management?
A:

1. Activate the AWS Plugin:
   • Search for Cloud Management Amazon Web Services Plugin and activate it.
2. Create Users and Roles:
   • Define roles and access policies for AWS resource management.
3. Register Cloud Account:
   • Register the AWS account with appropriate access keys.
4. Discover Resources:
   • Use Discovery to populate the CMDB with AWS resources.
5. Create Service Catalog:
   • Publish virtual machine and storage provisioning options as catalog items.
6. Provision Resources:
   • Automate resource provisioning through service catalog requests.

87: How would you manage cost and usage reporting for AWS cloud services in ServiceNow?
A:

1. Enable Billing Data Integration:
   • Configure AWS billing data ingestion for cost tracking.
2. Federate CloudWatch and AWS Config Data:
   • Use these services to monitor and report resource usage.
3. Generate Reports:
   • Create cost and usage reports using ServiceNow reporting tools.
4. Optimization Suggestions:
   • Analyze reports for optimization opportunities, such as rightsizing VMs.

Guided Setup Scenarios

88: How would you use Guided Setup to configure the Event Management application in ServiceNow?
A:

1. Access Guided Setup:
   • Navigate to Event Management > Guided Setup from the application navigator.
2. Follow Prerequisites:
   • Complete the listed prerequisites, such as activating plugins and setting up the MID Server.
3. Step-by-Step Configuration:
   • Guided setup provides a checklist covering tasks like:
     • Configuring event rules
     • Setting up connector instances
     • Mapping event fields to ServiceNow fields.
4. Validate Configuration:
   • Test each completed step to ensure it functions as expected.
5. Dashboard Monitoring:
   • After setup, use the Event Management Dashboard to verify active events and alerts.

89: How does Guided Setup simplify the configuration process compared to manual configuration?
A:

• Predefined Steps: Provides a predefined sequence of tasks with clear instructions, reducing errors.
• Checklist View: Displays a progress tracker for completed and pending tasks.
• Integrated Validation: Tests configurations during setup to ensure correctness.
• Ease of Use: Suitable for users with limited experience compared to the detailed manual setup.

Advanced Cloud Orchestration Scenarios

90: Your organization wants to enable multi-cloud orchestration for AWS, Azure, and VMware. How would you set this up using ServiceNow Cloud Management?
A:

1. Activate Cloud Plugins:
   • Enable the plugins for AWS, Azure, and VMware integration.
2. Configure Cloud Accounts:
   • Register cloud accounts for each provider with their respective credentials.
3. Create Orchestration Workflows:
   • Use Workflow Editor to design workflows for provisioning, scaling, and terminating resources.
4. Service Catalog Integration:
   • Publish orchestration workflows as catalog items for user-driven requests.
5. Test Multi-Cloud Scenarios:
   • Test workflows for each provider and validate resource provisioning across clouds.
6. Monitor and Optimize:
   • Use dashboards to track usage and recommend cost-saving optimizations.

91: How would you manage and automate cloud resource lifecycle in ServiceNow?
A:

1. Provisioning:
   • Automate resource creation using orchestration workflows linked to service catalog items.
2. Tagging and Governance:
   • Apply tags for cost tracking and compliance using AWS Config or Azure Policy.
3. Scaling:
   • Use workflows to dynamically scale resources based on usage thresholds.
4. Decommissioning:
   • Automate resource termination after lease expiration or inactivity.
5. Reporting and Monitoring:
   • Generate cost and performance reports for optimization insights.

Troubleshooting Scenarios

92: Alerts are not being generated despite events matching event rules. How would you troubleshoot this?
A:

1. Check Event Rule Status:
   • Verify that the event rule is active and correctly configured.
2. Validate Event Source:
   • Ensure events from the source are correctly ingested into ServiceNow.
3. Review Thresholds:
   • Check if event thresholds are preventing alert generation.
4. Examine Field Mappings:
   • Confirm that event fields are correctly mapped to ServiceNow fields.
5. Test Rules:
   • Generate test events to validate rule functionality.

93: Multiple alerts are being generated for the same event, causing noise. How would you resolve this?
A:

1. Flap Interval:
   • Set a flap interval to prevent frequent alert generation for rapidly changing events.
2. Alert Correlation Rules:
   • Create correlation rules to group related alerts and suppress duplicates.
3. Threshold Rules:
   • Adjust thresholds to ensure alerts are only generated after significant event activity.
4. Monitor and Refine:
   • Use dashboards to monitor alert behavior and refine rules if necessary.

94: Cloud resource provisioning fails during workflow execution. How would you troubleshoot?
A:

1. Validate Credentials:
   • Ensure cloud account credentials are correct and have necessary permissions.
2. Check Orchestration Logs:
   • Review workflow execution logs for errors.
3. Test API Connectivity:
   • Confirm connectivity to the cloud provider’s API endpoints.
4. Debug Workflow Inputs:
   • Verify that input parameters (e.g., instance type, region) match the provider’s requirements.
5. Retry Execution:  Retry the workflow after resolving identified issues.

Advanced Troubleshooting Scenarios

95: A business-critical service is experiencing frequent event flapping, leading to multiple redundant alerts. How would you troubleshoot and resolve this issue?
A:

1. Analyze Event Source:
   • Check if the event source is generating inconsistent status updates.
2. Configure Flap Interval:
   • Navigate to Event Management > Settings > Properties and set an appropriate flap interval (e.g., 300 seconds).
3. Enable Event Deduplication:
   • Use correlation rules to group redundant alerts.
4. Refine Threshold Rules:
   • Adjust thresholds to only trigger alerts for significant changes.
5. Monitor Alert Behavior:
   • Use the Event Dashboard to validate the resolution.

96:  ServiceNow Cloud resource discovery fails to populate the CMDB for AWS instances. How would you troubleshoot this?
A:

1. Validate AWS Plugin Activation:
   • Ensure the AWS Cloud Management plugin is active.
2. Check Credentials:
   • Verify that the AWS account credentials have sufficient IAM permissions.
3. Review Discovery Logs:
   • Analyze logs for errors during discovery runs.
4. Network Connectivity:
   • Confirm network connectivity to AWS endpoints from the MID Server if used.
5. Re-run Discovery:
   • Retry the discovery after resolving any errors.

97: An alert remediation task fails to execute after being triggered. How would you troubleshoot this?
A:

1. Check Remediation Workflow:
   • Verify that the workflow attached to the remediation task is correctly designed and validated.
2. Review Task Logs:
   • Analyze task execution logs for errors.
3. Validate Permissions:
   • Ensure the user or service account has permission to perform the remediation action.
4. Test Workflow Manually:  Execute the workflow independently to isolate issues.
5. Retry Task Execution:  Retry the remediation task after resolving identified issues.

Complex Integration Scenarios

98: Your organization needs to integrate ServiceNow Event Management with a third-party monitoring tool that doesn’t have an out-of-the-box connector. How would you achieve this?
A:

1. Create Custom Connector Definition:
   • Navigate to Event Management > Connectors > Connector Definitions and create a new definition.
2. Script Integration Logic:
   • Provide custom scripts to handle event ingestion from the third-party tool.
3. Configure Connector Instance:
   • Set up an instance with appropriate credentials and host details.
4. Test Connection:
   • Validate the connector by testing event retrieval.
5. Monitor Event Flow:
   • Ensure events are ingested and mapped correctly to ServiceNow fields.

99:  You are tasked with automating multi-cloud resource provisioning using ServiceNow Orchestration. How would you design this solution?
A:

1. Activate Cloud Plugins:
   • Enable plugins for AWS, Azure, and VMware.
2. Register Cloud Accounts:
   • Provide credentials and configuration for each cloud provider.
3. Design Orchestration Workflow:
   • Create workflows for provisioning, scaling, and terminating resources.
4. Service Catalog Integration:
   • Publish workflows as catalog items for user-driven requests.
5. Monitor and Optimize:
   • Use dashboards to monitor provisioning success and track costs.

100: Alerts are being generated with incomplete or incorrect data from event sources. How would you troubleshoot and resolve this issue?
A:

1. Review Event Field Mappings:
   • Navigate to Event Management > Rules > Event Field Mapping and verify mappings.
2. Create or Update Mapping:
   • Map missing fields or correct inaccurate field mappings.
3. Validate Event Data:
   • Test with sample events to ensure proper data mapping.
4. Monitor Alerts:
   • Verify that alerts are generated with accurate data post-mapping.

Event Management and Alert Automation Scenarios

101: You are tasked with setting up alert remediation to automatically resolve high CPU usage alerts for application servers. How would you achieve this in ServiceNow?
A:

1. Create Alert Rules:
   • Navigate to Event Management > Rules > Alert Rules and create a rule for high CPU alerts.
2. Attach a Remediation Workflow:
   • Use Orchestration to create a workflow that triggers a script to reduce CPU load or restart a service.
3. Bind to CI Type:
   • Ensure the alert rule is bound to the Application Server CI Type for proper targeting.
4. Test the Workflow:  Simulate high CPU usage events and validate workflow execution.
5. Monitor and Refine: Use dashboards to monitor the success rate of automated remediation actions.

102:  How would you handle a situation where alerts are being suppressed incorrectly due to faulty alert correlation rules?
A:

1. Review Correlation Rules:
   • Navigate to Event Management > Rules > Alert Correlation Rules and review active rules.
2. Analyze Alert Relationships:
   • Check if incorrect parent-child relationships are defined for alerts.
3. Test Rule Conditions:
   • Generate sample events to validate the rule conditions.
4. Refine Rules:
   • Update rule criteria to better capture relationships and prevent incorrect suppression.
5. Monitor Alert Flow:  Ensure alerts are being generated and correlated as expected.

Cloud Management and Orchestration Scenarios

103:  Your organization wants to implement automated scaling of cloud resources based on dynamic usage thresholds. How would you set this up in ServiceNow Cloud Management?
A:

1. Activate Cloud Plugins:
   • Enable AWS, Azure, and VMware plugins.
2. Design Scaling Workflow:
   • Create an orchestration workflow that scales resources based on monitoring data thresholds.
3. Integrate Monitoring Data:
   • Use AWS CloudWatch or Azure Monitor to feed data into the workflow.
4. Configure Triggers:
   • Set up triggers in the workflow to automatically scale up or down based on usage.
5. Validate and Monitor:
   • Test the workflow and monitor resource usage for optimization.

104:  You encounter issues during cloud resource provisioning due to API rate limits from cloud providers. How would you handle this situation?
A:

1. Batch Requests: Modify workflows to batch API requests instead of sending them individually.
2. Retry Logic:  Implement retry logic with exponential backoff in workflows.
3. Monitor API Quota:
   • Use cloud provider APIs to track remaining quotas and adjust requests accordingly.
4. Optimize Provisioning: Reduce unnecessary API calls by caching resource states when possible.

Complex Troubleshooting Scenarios

105: Events from a monitoring tool are being ingested, but no alerts are generated despite event rules being configured. How would you troubleshoot this?
A:

1. Validate Event Source:
   • Ensure the event source is correctly configured and active.
2. Check Event Field Mapping:
   • Confirm that event fields are mapped correctly to ServiceNow fields.
3. Analyze Event Rules:
   • Verify that event rule conditions are correctly defined and thresholds are appropriate.
4. Test Rules:
   • Generate test events and monitor the Event Dashboard for alert creation.
5. Review Logs:
   • Analyze logs for any errors during event processing.

106: An orchestration workflow that provisions cloud resources intermittently fails without clear error messages. How would you troubleshoot this?
A:

1. Analyze Workflow Logs:
   • Check workflow execution logs for any errors or timeout issues.
2. Validate Inputs:
   • Ensure that input parameters match the cloud provider’s requirements.
3. Network Checks:
   • Verify network connectivity to cloud provider APIs.
4. Debug Step by Step:
   • Execute each workflow step individually to isolate the issue.
5. Enable Detailed Logging:
   • Enable verbose logging for the workflow to capture more detailed error messages.

Cloud Management Scenarios

107:  How would you set up and configure AWS integration in ServiceNow Cloud Management?
A:

1. Activate the AWS Plugin:
   • Navigate to System Applications > All Available Applications.
   • Search for Cloud Management Amazon Web Services and click Activate.
2. Install Supporting Plugins:
   • Ensure the following are installed:
     • com.snc.aws (Primary AWS plugin)
     • com.snc.aws.activities (AWS Cloud Activities)
     • com.snc.aws.common (Amazon Common)
     • com.snc.aws.core (Core components for AWS).
3. Create Users and Roles:
   • Assign roles such as cloud_admin, cloud_operator, or cloud_user based on responsibilities.
4. Register AWS Cloud Account:
   • Provide AWS credentials and account details to register the cloud environment.
5. Discover AWS Resources:
   • Perform discovery to populate the CMDB with AWS VMs, EBS, and other resources.
6. Create Service Catalog:
   • Publish virtual machine provisioning as a service catalog item for user requests.

108: How would you manage multi-cloud environments (AWS, Azure, and VMware) using ServiceNow Cloud Management?
A:

1. Activate Cloud Plugins:
   • AWS: com.snc.aws
   • Azure: Cloud Management – Microsoft Azure
   • VMware: Orchestration – VMware Support.
2. Create User Roles:
   • Assign roles such as azure_operator, ec2_operator, and vmware_operator.
3. Register Cloud Accounts:
   • Provide credentials and endpoint configurations for each provider.
4. Unified Service Catalog:
   • Create a single service catalog with provisioning options for all providers.
5. Monitor Resources:
   • Use dashboards and reports to track resource usage across all clouds.

109: A cloud administrator needs to ensure secure and role-based access control for cloud operations. How would you configure this in ServiceNow?
A:

1. Create User Groups:
   • cloud_user group for virtual resource requests
   • cloud_operator group for resource provisioning
   • cloud_admin group for environment monitoring.
2. Assign Roles:
   • Cloud users: cloud_user
   • Cloud operators: ec2_operator, azure_operator, vmware_operator
   • Cloud administrators: cloud_admin, itil, cloud_user.
3. Policy Enforcement:
   • Ensure that each user group has access to only the relevant service catalog items and dashboards.
4. Monitor Activities:
   • Use the Cloud Admin Portal for tracking and governance.

Cloud Troubleshooting Scenarios

110: AWS resource discovery is failing, and no instances are being populated in the CMDB. How would you troubleshoot this?
A:

1. Validate Plugin Activation:
   • Ensure all required AWS plugins are activated.
2. Check Credentials:
   • Verify that AWS access keys have the necessary permissions.
3. Network Configuration:
   • Ensure the MID Server can connect to AWS endpoints if used.
4. Analyze Discovery Logs:
   • Review logs for error messages during discovery runs.
5. Re-run Discovery:
   • Retry discovery after resolving issues.

111: Cloud resource provisioning tasks are intermittently failing in ServiceNow. How would you troubleshoot this issue?
A:

1. Analyze Workflow Logs:  Review workflow logs for errors during task execution.
2. Check API Limits:
   • Ensure cloud provider API rate limits are not being exceeded.
3. Validate Inputs:
   • Verify input parameters for resource configurations.
4. Network Connectivity:
   • Confirm network connectivity to cloud provider endpoints.
5. Retry Task Execution:  Manually retry the task after addressing the errors.

Automation Scenarios

112:  How would you automate the provisioning of virtual resources across multiple cloud providers (AWS, Azure, VMware) using ServiceNow Cloud Management?
A:

1. Activate Required Plugins:
   • AWS: com.snc.aws
   • Azure: Cloud Management – Microsoft Azure
   • VMware: Orchestration – VMware Support.
2. Create Orchestration Workflows:
   • Design separate workflows for provisioning AWS, Azure, and VMware resources.
   • Include steps for VM configuration, tagging, and network setup.
3. Define Input Variables:
   • Set up input parameters such as instance type, storage size, and region.
4. Integrate Service Catalog:
   • Publish workflows as catalog items with user-friendly forms.
5. Test Multi-Cloud Requests:
   • Validate the workflows by provisioning resources in each cloud environment.
6. Monitor Provisioning:
   • Use dashboards to track the status and health of provisioned resources.

113: A user requests additional storage for their virtual machine in AWS through the ServiceNow portal. How would you automate this request?
A:

1. Create a Catalog Item:
   • Design a catalog item for requesting additional EBS storage.
2. Attach Orchestration Workflow:
   • Create a workflow to increase EBS storage using AWS API calls.
3. Define Input Fields:
   • Include fields for VM ID and storage size.
4. Validation and Execution:
   • Validate input values and execute the workflow.
5. Notification:
   • Notify the user upon successful task completion.

Security and Role-Based Access Scenarios

114:  How would you enforce role-based access control (RBAC) for managing cloud resources in ServiceNow?
A:

1. Define User Groups:
   • cloud_user: Request and manage virtual resources
   • cloud_operator: Provision and maintain resources
   • cloud_admin: Monitor and govern the cloud environment.
2. Assign Roles:
   • Assign roles such as ec2_operator, azure_operator, and vmware_operator to respective groups.
3. Configure Catalog Access:
   • Restrict catalog item access based on user roles.
4. Audit Activity:
   • Use the Cloud Admin Portal to monitor user actions and track compliance.

Multi-Cloud Governance Scenarios

115: How would you track and manage cloud costs across AWS, Azure, and VMware environments?
A:

1. Enable Billing Integration:
   • Configure AWS billing and Azure cost management integration.
2. Federate Monitoring Data:
   • Use CloudWatch and Azure Monitor to gather usage metrics.
3. Generate Cost Reports:
   • Create custom dashboards and reports for cost and usage tracking.
4. Set Budget Alerts:
   • Configure alerts for budget thresholds and anomalies.
5. Optimization Recommendations:
   • Analyze resource utilization and suggest rightsizing.

116: How would you ensure compliance and governance in a multi-cloud environment using ServiceNow Cloud Management?
A:

1. Tagging Policies:
   • Enforce tagging rules for cost tracking and compliance.
2. Access Control:
   • Implement RBAC to restrict access to sensitive operations.
3. Automated Audits:
   • Schedule regular audits for resource configurations and security compliance.
4. Monitor Resource Changes:
   • Use dashboards to track changes and ensure compliance with policies.
5. Policy-Based Remediation:
   • Automate remediation for non-compliant resources through workflows

💬 Interview Question 1:

Do you know about ServiceNow Discovery? Explain how it works and your real-time experience with it.

Yes, I have hands-on experience with ServiceNow Discovery.
ServiceNow Discovery is a key IT Operations Management (ITOM) application used to automatically identify and map IT assets (CIs) within an organization’s infrastructure — such as servers, network devices, applications, databases, and cloud resources — into the CMDB (Configuration Management Database).

 How Discovery Works (Step-by-Step):

1. MID Server Setup:
   • Discovery uses a MID Server (Management, Instrumentation, and Discovery Server) installed within the customer’s network to communicate securely between ServiceNow and on-prem systems.
   • It handles all probes and sensors execution locally.
2. Discovery Schedule:
   • A Discovery schedule defines what to discover, when, and how often.
   • For example: You can schedule a Windows, Linux, or Network Discovery daily or weekly.
3. Probes and Sensors:
   • Probes are lightweight scripts sent from ServiceNow to gather raw data (e.g., WMI, SSH, SNMP).
   • Sensors process that raw data and update or insert Configuration Items (CIs) into the CMDB.
4. Classification and Identification:
   • Discovery first classifies the device type (e.g., Windows Server, Cisco Router).
   • Then it identifies if the CI already exists using identification rules.
   • Finally, it populates or updates the CI data in CMDB.
5. Dependency Mapping (Optional):
   • It can identify relationships between servers, databases, and applications — which is very useful for impact analysis.

Real-Time Example:

In my last project, we implemented Server Discovery across multiple data centres.
I configured MID servers, created discovery schedules, and customized the credentials (SSH and SNMP).
We faced an issue where Windows servers were not being discovered due to WMI authentication failures.
I debugged the issue using ECC Queue logs and Discovery logs, then updated credentials and firewall rules.
After that, Discovery successfully populated CI records into CMDB with accurate relationships.

Short Answer:

Yes, I’ve worked with ServiceNow Discovery to identify and populate configuration items into CMDB.
It uses MID servers, probes, and sensors to collect data from infrastructure devices like servers, databases, and networks.
I’ve configured discovery schedules, resolved credential and connectivity issues, and verified CI relationships in CMDB.

💬 Interview Question 2:

What is the use of Discovery in ServiceNow?

ServiceNow Discovery is used to automatically identify, classify, and populate Configuration Items (CIs) in the CMDB (Configuration Management Database) from an organization’s IT infrastructure — such as servers, databases, applications, and network devices.

In simple terms, the main use of Discovery is to keep the CMDB accurate and up to date without manual data entry.
It helps IT teams understand what assets exist, where they are located, and how they are connected to each other.

Real-Time Answer:

In my last project, we used ServiceNow Discovery to automatically update the CMDB for over 1,500 servers across multiple environments.
Before Discovery, the CMDB was maintained manually, and many CI records were outdated or missing.
After setting up MID servers and running scheduled discoveries, we were able to identify all active servers, network devices, and applications.
This data was crucial for Change Management impact analysis and Service Mapping implementation.
I also helped troubleshoot failed discoveries by checking ECC Queue logs and Discovery logs.

Short Answer:

Discovery in ServiceNow is used to automatically find and update Configuration Items in the CMDB.
It helps maintain accurate asset data, detect relationships between systems, and support IT processes like change, incident, and service mapping.
I’ve worked on configuring Discovery schedules, troubleshooting MID server issues, and verifying CI updates in CMDB.

💬 Interview Question 3:

What are IRE Rules in ServiceNow, and why are they important?

IRE stands for Identification and Reconciliation Engine.
IRE Rules in ServiceNow define how Discovery and Integration data identify, insert, or update Configuration Items (CIs) in the CMDB (Configuration Management Database) without creating duplicates or overwriting valid data.

In simple terms, IRE ensures that the CMDB maintains a single, accurate version of every CI, even when data is coming from multiple sources (like Discovery, Service Mapping, SCCM, or Import Sets).

⚙️ Purpose / Use of IRE Rules:

Function	Description
Identification	Determines whether the incoming CI already exists in CMDB based on key attributes (like serial number, IP address, or name).
Reconciliation	Decides which data source has authority to update a CI when multiple sources provide conflicting data.
De-duplication	Prevents creation of duplicate CI records in CMDB.
Data Quality Control	Maintains consistent and accurate data from multiple discovery tools or integrations.

Real-Time Example:

In my recent project, we had multiple data sources populating the CMDB — ServiceNow Discovery, SCCM, and Import Sets.
Without IRE, duplicate CIs were being created because both SCCM and Discovery were inserting the same Windows server.

I implemented IRE Identification Rules on the cmdb_ci_computer table, where the Serial Number and Fully Qualified Domain Name (FQDN) were used as unique identifiers.

Then, I configured Reconciliation Rules so that Discovery had higher priority for attributes like IP address and OS version, while SCCM was allowed to update hardware details.

After that, duplicates were eliminated, and CMDB data became consistent.

Example of IRE Rule in Practice:

• Identification Rule Example (for Server CI):
  • Table: cmdb_ci_computer
  • Identifier: Serial Number + FQDN
    → If both match, update existing CI; otherwise, insert a new one.
• Reconciliation Rule Example:
  • Discovery = Primary source
  • SCCM = Secondary source
  • Import Set = Tertiary source
    → Discovery updates system info, SCCM updates hardware, Import Set updates ownership fields.

How IRE Works Technically:

1. Data (from Discovery, integration, or import) enters CMDB through Identification and Reconciliation Engine.
2. The Identification phase matches key fields using Identification Rules.
3. If a match is found → update existing CI.
   If not → insert new CI.
4. The Reconciliation phase checks Reconciliation Rules to decide which source can modify specific attributes.

Key Tables and Components:

Component	Description
cmdb_identification_rule	Stores CI identification rules
cmdb_reconciliation_definition	Stores reconciliation rules (which source owns what fields)
cmdb_ci_class	Target CI table (e.g., Server, Network, Application)
Discovery Source field	Used to identify which tool provided the data

Short Answer:

IRE stands for Identification and Reconciliation Engine.
It’s used to identify and reconcile Configuration Items coming from different data sources like Discovery, SCCM, or import sets.
IRE Rules help avoid duplicate CI records and ensure that only the authorized source updates the correct CI attributes in the CMDB.
I’ve worked on customizing IRE rules for the cmdb_ci_computer table to prevent duplication between Discovery and SCCM data.

💬 Interview Question 4:

Can you walk me through what happens during a ServiceNow Discovery process?

Yes, I can walk you through the Discovery process.
When Discovery runs in ServiceNow, it follows a series of logical steps to identify devices, collect data, and update the CMDB — all while communicating through the MID Server.

⚙️ Real-Time Discovery Flow (Step-by-Step Explanation)

Step	Stage	Description	Example
1	Initiate Discovery Schedule	A Discovery schedule starts based on time or manual trigger. It defines what IP ranges or CI types to discover.	Example: A scheduled job runs daily to scan the range 10.0.0.1 – 10.0.0.255.
2	MID Server Selection	The MID Server installed in the customer’s network is chosen to perform the scan.	The MID Server runs on a Windows/Linux machine inside the data centre.
3	Shazzam Probe (Port Scan)	Discovery sends a Shazzam probe through the MID Server to check open ports on each IP.	It finds which IPs respond on ports like 22 (SSH), 135 (WMI), 161 (SNMP).
4	Classification Phase	Based on open ports, Discovery identifies the device type (Windows, Linux, Network Device, etc.).	Port 22 open → Linux Server; Port 135 open → Windows Server.
5	Identification Phase (IRE)	Discovery uses Identification Rules (IRE) to check if this device already exists in CMDB.	It looks for unique identifiers like Serial Number, IP Address, or FQDN.
6	Exploration Phase	Probes and sensors (or patterns for newer versions) collect detailed info about the device (OS, CPU, Memory, Installed Software, etc.).	A “Windows Server” probe collects WMI data → A sensor parses and sends it to CMDB.
7	Reconciliation (IRE Rules)	If multiple sources (like SCCM, Discovery) provide the same CI, Reconciliation Rules decide which source updates the record.	Discovery is prioritized for OS details, SCCM for hardware data.
8	CMDB Update	Discovery creates or updates the Configuration Item (CI) in CMDB with the latest information.	The cmdb_ci_computer table gets updated with new CPU, RAM, and OS fields.
9	Dependency Mapping (Optional)	Discovery identifies relationships between servers, databases, and applications.	Web Server → connects to → Database Server.
10	Discovery Status & Logs	The run result is logged in discovery_status and ecc_queue tables for review or troubleshooting.	“Discovery completed successfully with 120 devices found.”

Real-Time Example:

In one of my projects, I configured multiple MID servers to perform Discovery across different subnets.
We had a problem where Linux servers were not being discovered due to SSH key mismatch.
I checked the ECC Queue, confirmed that probes were failing, updated credentials in Discovery Credentials, and re-ran the scan.
After fixing it, Discovery successfully identified all Linux servers and updated the CMDB with CPU and OS details.
Later, I also used the data for Service Mapping to create dependency views between application and database layers.

Short Answer:

When Discovery runs, it scans IP ranges through the MID Server, identifies device types based on open ports, collects configuration data using probes, sensors, or patterns, and updates the CMDB.
It uses IRE rules to avoid duplicates and ensures accurate relationships between CIs.
I’ve configured Discovery schedules, credentials, and troubleshooted probe failures in real-time environments.

💬 Interview Question 5:

Can you tell me the common Discovery-related tables you worked with in your last project and what they are used for?

Yes, I’ve worked with several Discovery-related tables in my last project while configuring and troubleshooting ServiceNow Discovery and CMDB updates.
Below are some of the most commonly used tables that come up in day-to-day Discovery operations.

Common Discovery Tables with Real-Time Usage

Table Name	Table Label / Purpose	Real-Time Usage in Project
discovery_status	Discovery Status	Used to track the overall Discovery runs — whether they succeeded, failed, or partially completed. I used this to monitor Discovery schedules daily.
ecc_queue	External Communication Channel Queue	Acts as the communication layer between ServiceNow and the MID Server. I used it for troubleshooting MID Server and probe issues. For example, I’d check for “Probe Sent” and “Probe Response” entries.
cmdb_ci	Configuration Item (base table)	Stores all Configuration Items (CIs). I used it frequently to validate whether new CIs were created or existing ones updated after Discovery.
cmdb_ci_computer	Computer CI Table	Holds details of discovered servers (Windows, Linux). I often verified CPU, OS, and memory attributes here.
cmdb_ci_network	Network Device CI Table	Stores switches, routers, and firewalls. Used when validating SNMP discoveries.
discovery_log	Discovery Log	Provides detailed Discovery execution logs. I used it when Discovery failed at a specific phase (e.g., Classification or Identification).
cmdb_discovery_log	CMDB Discovery Log	Stores pattern-based Discovery execution details (for Pattern Designer). Helpful for debugging pattern issues.
discovery_device_history	Discovery Device History	Keeps track of the last Discovery run for each device. Useful to see when a CI was last discovered.
cmdb_ci_ip_address	IP Address Table	Stores IPs related to discovered devices. I used it to verify multi-IP devices.
cmdb_ci_service	Business/Application Services	Populated during Application Discovery or Service Mapping. I used this when identifying service dependencies.
cmdb_reconciliation_definition	Reconciliation Definition	Stores IRE Reconciliation Rules. I modified this to set Discovery as the preferred source of truth for server details.
cmdb_identification_rule	Identification Rules	Used by IRE to match or create CIs. I reviewed this when duplicate CIs were created.
discovery_schedule	Discovery Schedule	Used to define what to discover and when. I created multiple schedules (daily for servers, weekly for network devices).
discovery_credentials	Discovery Credentials	Stores SSH, WMI, SNMP credentials. I used this when setting up new Discovery credentials or debugging authentication failures.

Real-Time Answer:

In my previous project, we managed Discovery across 4 data centers with around 3,000 servers.
On a day-to-day basis, I used the discovery_status table to monitor scheduled runs and check for failures.

If a Discovery failed, I’d go into the discovery_log or ecc_queue to identify the exact probe or MID Server issue.

Once data was collected, I validated updates in cmdb_ci_computer and confirmed that no duplicates were created using IRE (cmdb_identification_rule and cmdb_reconciliation_definition).

I also maintained Discovery credentials in discovery_credentials and ensured proper schedules were set in discovery_schedule.
These tables helped me troubleshoot issues quickly and maintain a healthy CMDB.

Short Answer:

In my last project, I regularly worked with tables like discovery_status, discovery_log, and ecc_queue for monitoring and troubleshooting Discovery runs.
I also used CMDB tables like cmdb_ci_computer and cmdb_ci_network to verify updated CIs.
For IRE configuration, I worked with cmdb_identification_rule and cmdb_reconciliation_definition.
These were part of my daily CMDB validation and Discovery health checks.