ServiceNow CIS-Discovery Practice Test Questions, Exam Dumps

Practice Exams:

View All

CIS-Discovery ServiceNow Practice Test Questions and Exam Dumps

Question1
Which two methods can be used in ServiceNow Discovery to identify and classify a device in the IT infrastructure? (Choose 2.)

A. SNMP (Simple Network Management Protocol)
B. Discovery Pattern
C. Syslog-based event correlation
D. SSH-based credential scanning
E. Web service APIs for application discovery

Correct Answer: A, B

Explanation:
ServiceNow Discovery is a critical component of the ServiceNow platform that automatically identifies devices and applications in a network and builds a Configuration Management Database (CMDB). Discovery works by using various probes and sensors to scan infrastructure components and retrieve information that helps in identifying and classifying them.

Let’s go through the answer choices and why A and B are the correct ones:

A. SNMP (Simple Network Management Protocol)

Correct. SNMP is a protocol widely used for monitoring and managing network devices such as routers, switches, and firewalls. ServiceNow Discovery can use SNMP to:

Query devices for information such as device type, vendor, and operational status.
Collect data from the device’s Management Information Base (MIB), which helps in identifying the device and understanding its role in the network.
Efficiently discover non-compute devices, like printers or network switches, which may not support more advanced protocols like SSH or WMI.

Thus, SNMP is a key method used by ServiceNow to identify and classify infrastructure components.

B. Discovery Pattern

Correct. Discovery Patterns are templates in ServiceNow used to recognize applications and services on discovered devices. These patterns allow for:

Defining the steps that Discovery should follow when inspecting a device.
Identifying specific applications (e.g., Apache, MySQL) based on file structures, running processes, open ports, etc.
Supporting complex multi-tier applications that cannot be discovered using simple probes.

Patterns make it possible to perform detailed classification of services and applications beyond the OS level, which is essential for full-stack visibility in the CMDB.

C. Syslog-based event correlation

Incorrect. Syslog is a logging mechanism, not a method of discovery. While syslog messages can be collected and correlated for monitoring and alerting (e.g., in Event Management), they are not used by Discovery to identify or classify devices. This method belongs more in the Event Management realm than in CMDB population.

D. SSH-based credential scanning

Incorrect. While SSH is used as a transport protocol to log into Linux/Unix systems during discovery, ServiceNow Discovery doesn’t rely on "credential scanning" via SSH to identify or classify a device. SSH is a channel that enables probes to execute commands and gather information, but it’s not in itself a discovery method or classification tool.

E. Web service APIs for application discovery

Incorrect. While APIs may be used by integration tools or for service mapping, ServiceNow Discovery primarily relies on patterns, probes, and sensors. API-based discovery is more common in Cloud Management or Application Portfolio Management (APM) rather than in core infrastructure discovery.

SNMP allows for querying network devices and is commonly used for device identification.
Discovery Patterns are central to how ServiceNow classifies applications and services running on devices. These two are essential and core to ServiceNow Discovery operations, making A and B the correct choices.

Question 2
Based on the following images, which choice best describes what occurs if Discovery sets the name attribute of a discovered Windows Server CI to 'Windows1' and then Altiris discovery runs detecting 'Windows2' for the name attribute on the same CI?

A. The name of the CI stays 'Windows1'.
B. The name of the CI changes to 'Windows2'.
C. The name of the CI does not populate with either discovery.
D. The CI is not discovered because Discovery is not listed in either image.

Answer: A

Explanation:
To determine the correct outcome, we must interpret what the images are conveying, particularly the Data Source Precedence rules defined for CI attributes in ServiceNow.

ServiceNow allows multiple discovery sources (e.g., Discovery, SCCM, Altiris, etc.) to update a Configuration Item (CI) in the CMDB. However, the CMDB Data Source Precedence feature allows the system to control which source’s data is considered authoritative for specific attributes of CIs. This prevents unauthorized or unreliable sources from overwriting trusted data.

Let’s break down the key points:

Key Assumptions from the Scenario and Images:

Discovery sets the name attribute to 'Windows1'.
Altiris later discovers the same CI and sets the name to 'Windows2'.
The question is asking what happens after both sources have run, and we must rely on the attribute-level precedence settings.

Review of the Images (not shown here but assumed based on question pattern):

In ServiceNow’s Data Source Precedence configuration (available via cmdb_data_source_precedence), each data source is assigned a priority per CI class and attribute. The lower the number, the higher the precedence. That means if Discovery has a higher precedence (lower number) than Altiris, Discovery’s data will take priority.

In most default and recommended configurations:

ServiceNow Discovery is treated as a highly authoritative source.
Altiris, being a third-party system management tool, is typically assigned lower precedence.

So, if Discovery writes 'Windows1' to the name attribute and Altiris attempts to update it to 'Windows2', Altiris's update will be ignored because Discovery has higher precedence for that attribute on that CI class (likely cmdb_ci_win_server or similar).

Evaluating Each Option:

A. The name of the CI stays 'Windows1'.
This is correct. Discovery wrote 'Windows1' first, and since it has higher precedence, Altiris cannot overwrite it.
B. The name of the CI changes to 'Windows2'.
Incorrect. This would happen only if Altiris had higher precedence, which is typically not the case.
C. The name of the CI does not populate with either discovery.
Incorrect. Discovery already populated it; there is no indication of failure or null values.
D. The CI is not discovered because Discovery is not listed in either image.
Incorrect. The scenario explicitly states that Discovery runs and sets the name to 'Windows1'.

Given the standard CMDB Data Source Precedence rules and assuming Discovery has a higher precedence than Altiris (as is typical and best practice), the name attribute remains as 'Windows1'.

Correct answer: A.

Question 3
For the Parse Variable pattern operation, what is required to have two different parsing methods to populate variables?

A. Two different Debug Mode sessions.
B. A tabular and a scalar variable.
C. Two different steps.
D. Two different Define Parsing selections on the same step.

Correct Answer: D

Explanation:

To understand the correct answer, it helps to know how Parse Variable operations work in ServiceNow Discovery Patterns.

Understanding the Parse Variable Operation

The Parse Variable operation is used in patterns to extract specific values from command output or API responses. This operation allows defining how text should be parsed—using parsing methods like Delimiters, Regular Expressions, JSON Paths, or XPath—to populate variables that are then used in subsequent steps of a Discovery Pattern.

Sometimes, the same step (e.g., a command execution) produces output that contains multiple formats or requires different parsing techniques to extract all needed values. For example, one variable might need to be extracted via a regex, while another might need a delimiter-based split.

What’s the Requirement for Multiple Parsing Methods?

To apply two different parsing methods (e.g., one using Delimiters and one using Regex) in the same step, the system must allow configuring multiple Define Parsing configurations.

This can be done using multiple “Define Parsing” selections within the same Parse Variable operation step. Each selection can be tailored to a different parsing technique and target variable(s).

So, to answer the question:

You do not need two debug mode sessions (eliminates A).
A tabular vs. scalar variable distinction (B) is irrelevant to the parsing method.
You do not need two different steps (C) to use multiple parsing strategies within one step.
You do need multiple Define Parsing selections in the same step to apply different parsing methods (D is correct).

If your goal is to use two different parsing techniques to populate variables from a single data output within a single step, the correct approach is to configure two different "Define Parsing" entries—each with its own parsing method and target variable(s).

Question 4
Which best describes Discovery schedule of type Configuration Item?

A. Verifies Configuration Item data from the scanned IP ranges against the data in the CMDB.
B. Creates only a list of discovered IPs in both IPv4 and IPv6 formats.
C. Collects complete information from the scanned IP ranges and sends it to the CMDB.
D. Directly populates records in the assets table.

Correct Answer: C

Explanation:

In ServiceNow Discovery, a Discovery schedule of type "Configuration Item" (also called a CI schedule) is one of the key configurations that determine how ServiceNow scans your network, identifies devices and applications, and populates the Configuration Management Database (CMDB).

What is a Discovery Schedule?

A Discovery schedule defines the:

Type of discovery to be performed (e.g., Configuration Item, IP Range Scan, etc.)
IP ranges to scan
Credentials to use
Time and frequency of the scan

When you choose a Configuration Item (CI) schedule, the purpose is to identify devices and applications, classify them, and populate their data into the CMDB as Configuration Items.

Evaluating the Options

A. Verifies Configuration Item data from the scanned IP ranges against the data in the CMDB.
This is misleading. While Discovery can reconcile and update existing CIs, the primary goal of a CI schedule is to discover and populate CMDB records—not merely verify them.
B. Creates only a list of discovered IPs in both IPv4 and IPv6 formats.
This describes an IP Range Scan schedule, not a Configuration Item schedule. An IP Range Scan identifies active IPs but doesn’t go deep enough to gather full configuration data.
C. Collects complete information from the scanned IP ranges and sends it to the CMDB.
This is the most accurate description of what a CI Discovery Schedule does. It scans the defined IP ranges, probes the devices using protocols like WMI, SSH, SNMP, and APIs, and gathers extensive configuration data (hostnames, OS, software, hardware, etc.). This data is then used to create or update records in the CMDB.
D. Directly populates records in the assets table.
This is incorrect. The assets table in ServiceNow is part of the Asset Management application, and while related to CMDB, Discovery does not directly populate the assets table. Instead, it creates or updates Configuration Item (CI) records in the CMDB. Asset data may later be derived from CIs, but that's a separate process.

A Discovery schedule of type Configuration Item is a core component of ServiceNow Discovery. Its purpose is to conduct detailed probes on active devices, classify them accurately, and populate the resulting data into the CMDB, ensuring your organization has an up-to-date inventory of IT infrastructure and services.

Question 5
When installing a MID Server on a Windows platform, which right must be associated when creating a Service Account?

A. Root
B. Domain Admin
C. MID Server User Role
D. Log on as service

Correct Answer: D

Explanation:

The ServiceNow MID Server (Management, Instrumentation, and Discovery Server) is a Java application that runs as a Windows service (or Linux daemon) and acts as a communication broker between the ServiceNow instance and on-premises infrastructure.

When you install a MID Server on a Windows platform, you must run it using a dedicated service account. This service account must have specific local rights to run correctly and securely as a Windows service.

Correct Right: "Log on as a service"

The "Log on as a service" right is a Windows-specific security setting that allows a user account to be used to start Windows services.
Without this permission, the MID Server won’t be able to start, and you will encounter service startup errors.
This right must be granted manually if the service account does not already have it.

Evaluating the Other Options

A. Root

This is a Unix/Linux term. Windows does not use "root" as a user or permission level. Therefore, this is not applicable to Windows MID Server installation.

B. Domain Admin

This is not required and is discouraged for security reasons. A domain admin has elevated privileges across the domain, which introduces unnecessary risk. MID Servers should run with least privilege required to perform tasks.

C. MID Server User Role

This is a ServiceNow role associated with the ServiceNow instance user, not a Windows-level right. It applies to credentials used within the ServiceNow platform, not to the Windows service account running the MID Server process.

To ensure the MID Server runs properly on Windows, you must create a service account and grant it the "Log on as a service" right. This ensures that the account has the necessary permissions to launch and run as a Windows service.

Question 6
Which of the below choices are needed for Quick Discovery? (Choose two.)

A. MID Server
B. Discovery Schedule
C. PID
D. Target IP

Correct Answers: A and D

Explanation:

Quick Discovery is a lightweight method within ServiceNow Discovery that allows administrators to quickly identify and gather basic information about a target system without running a full discovery process. It’s often used for testing connectivity, verifying credentials, or confirming MID Server configurations.

To successfully perform a Quick Discovery, you need the following components:

A. MID Server

A MID Server acts as the bridge between your ServiceNow instance and your internal network.
It is required to initiate and execute Discovery probes and sensors on devices within your environment.
Without a MID Server, no Discovery activities (including Quick Discovery) can be performed.

D. Target IP

The IP address of the target device is essential for Quick Discovery.
You need to provide this to identify and probe the device or server you want to discover.
It can be an IPv4 or IPv6 address.

B. Discovery Schedule

While Discovery Schedules are essential for standard Discovery (to run scans on a timed basis), they are not required for Quick Discovery.
Quick Discovery is on-demand and does not rely on pre-configured schedules.

C. PID (Process ID)

A Process ID (PID) is not a required input for any form of Discovery.
Discovery may detect processes and their PIDs during runtime, but you do not need to supply a PID to initiate Quick Discovery.

Quick Discovery requires two key components:

A functioning MID Server
A Target IP to identify which device to scan.

Question 7
In order to use Debug from the Pattern Designer, you must have what?

A. a proxy server
B. a discoverable CI
C. the admin role
D. Service Mapping installed

Correct Answer: B

Explanation:

In ServiceNow’s Pattern Designer, the Debug mode is a feature that allows users to test and troubleshoot pattern steps by running them directly against an actual device (a Configuration Item or CI). This is especially useful during development or troubleshooting of Discovery and Service Mapping patterns.

To use Debug in the Pattern Designer effectively, one key requirement is:

B. a discoverable CI

Debug mode requires you to select a specific CI to run the pattern against.
This CI must be reachable and discoverable from the MID Server.
The system uses this CI to execute probes and pattern steps during the debug session.
If no discoverable CI is provided, Debug cannot proceed since it has no target on which to test pattern steps.

A. a proxy server

A proxy server is not a requirement for using Debug.
It may be necessary in some network architectures for outbound connectivity, but Debug itself does not depend on it.

C. the admin role

The admin role is not required specifically to use Debug. Instead, users must have roles like "pattern_designer" or "discovery_admin", depending on the configuration.
While admin can access everything, it's not the only role that grants access to Pattern Debug.

D. Service Mapping installed

Service Mapping uses patterns, but Pattern Designer and its Debug mode are available in Discovery as well.
You do not need Service Mapping installed to use Debug from Pattern Designer.

To use the Debug function from Pattern Designer, you must have a CI that can be discovered. It serves as the test subject for your pattern logic.

Correct answer: B.

Question 8
A discovery runs against a Windows Server returning the following attribute values for the first time: name = WindowsSN1, serial_number = 12321. A subsequent discovery runs against a different Windows Server returning: name = WindowsSN2, serial_number = 12321. With only base system CI Identifiers configured, which of the following is true?

A. A Windows Server CI is created, then updated with WindowsSN2 as the name.
B. Two Windows Server CIs are created, with WindowsSN1 AND WindowsSN2 for names.
C. Two Windows Server CIs are created, without serial_number values.
D. A Windows Server CI is created, then updated with WindowsSN1 as the name.

Correct Answer : A

Explanation:

To answer this correctly, we must understand how ServiceNow Discovery identifies and reconciles Configuration Items (CIs) using CI Identifiers.

Base System CI Identifiers for Windows Servers:

By default, ServiceNow uses the following attributes (in priority order) to uniquely identify a Windows Server CI:

serial_number
name
fully_qualified_domain_name (FQDN)
IP address

In this scenario:

The first Discovery run returns:

name = WindowsSN1
serial_number = 12321
➜ A new CI is created using serial_number 12321.

The second Discovery run returns:

name = WindowsSN2
serial_number = 12321 (same as before)
➜ The serial_number is a strong unique identifier. Since it's the same, ServiceNow matches this to the existing CI and updates its name to WindowsSN2.

A. A Windows Server CI is created, then updated with WindowsSN2 as the name.

This is correct. The CI is first created with WindowsSN1, then when discovered again (with the same serial number), its name is updated to WindowsSN2.

B. Two Windows Server CIs are created, with WindowsSN1 AND WindowsSN2 for names.

Incorrect. The matching serial number tells ServiceNow it's the same physical machine (or treated as such), so only one CI is kept and updated.

C. Two Windows Server CIs are created, without serial_number values.

Incorrect. Both runs include serial numbers, so they are used. Also, serial_number is a default CI identifier, so it is not omitted.

D. A Windows Server CI is created, then updated with WindowsSN1 as the name.

Incorrect. The last discovered name is WindowsSN2, and it overwrites the previous name in the update.

In ServiceNow, when Discovery runs and finds matching serial numbers, it updates the existing CI. Here, the name will be updated from WindowsSN1 to WindowsSN2.

Question 9
Which choice represents the three best ways of extending Discovery?

A. Orchestration, Classifiers, Discovery Patterns
B. Fingerprinting, Classifiers, Discovery Patterns
C. Orchestration, Classifiers, Probes & Sensors
D. Classifiers, Probes & Sensors, Discovery Patterns
E. Classifiers, Fingerprinting, Probes & Sensors

Correct Answer : D

Explanation:

In ServiceNow Discovery, extending discovery means enhancing its capability to recognize, classify, and gather detailed information about new or custom infrastructure components. The most effective and flexible ways to do this are:

1. Classifiers

Classifiers are responsible for identifying the type of Configuration Item (CI) based on the information discovered. You can extend Discovery by:

Creating new Classifiers for custom devices or software.
Modifying existing ones to improve accuracy.

2. Probes and Sensors

Probes collect raw data during a discovery, and sensors parse that data and write it to the CMDB. You can extend Discovery by:

Creating custom probes to collect additional or specialized data.
Writing or updating sensors to interpret and map the probe output.

3. Discovery Patterns

Discovery Patterns are used in Pattern-based Discovery (often for more complex or software-defined environments). They allow you to:

Visually define the steps to discover and populate CI data.
Extend functionality for applications or devices not natively supported.

Why the Other Options Are Incorrect:

A. Orchestration, Classifiers, Discovery Patterns:
Orchestration is a separate plugin used for process automation (e.g., password resets, server restarts). It is not a core part of extending Discovery itself.
B. Fingerprinting, Classifiers, Discovery Patterns:
Fingerprinting is used for OS and device detection but is not as flexible or central to extensibility as Probes & Sensors.
C. Orchestration, Classifiers, Probes & Sensors:
Again, Orchestration is useful, but not a primary method to extend Discovery.
E. Classifiers, Fingerprinting, Probes & Sensors:
While fingerprinting helps identify operating systems or devices, Discovery Patterns are more powerful and widely used for extending Discovery capabilities.

To extend Discovery, you want tools that let you identify, gather, and map custom data effectively:

Classifiers
Probes & Sensors
Discovery Patterns

Correct Answer : D.

Question 10
SNMP Credentials require which of the following?

A. write community strings
B. usernames
C. read community strings
D. port 135 access

Correct Answer : C

Explanation:

Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring and managing network devices such as routers, switches, printers, and servers. In the context of ServiceNow Discovery, SNMP credentials are used to communicate with these network devices and retrieve configuration and status information.

To use SNMP, certain credentials must be configured, depending on the SNMP version:

Read Community Strings (Correct Answer – C)

These are required for SNMP version 1 and version 2c.
A read community string functions like a password and gives the requesting system permission to read data from the SNMP-enabled device.
This is the most basic and essential credential needed to perform SNMP-based Discovery.
Example: The default community string is often set to "public" (though this is insecure in practice).

Why the Other Options Are Incorrect:

A. Write Community Strings:

These allow for modification of device settings via SNMP.
They are typically not required for discovery, as Discovery is a read-only operation.

B. Usernames:

SNMP v3 introduces usernames (and optionally passwords and encryption), but usernames are not used in SNMP v1 or v2c.
If you're using v1 or v2c, usernames are not applicable.