ServiceNow CIS-HR Exam Dumps & Practice Test Questions

Question 1:

Which actions can an HR Admin perform without having the System Admin role? (Select three options.)

A. Assign roles to individual users or groups
B. Modify settings under HR Administration > Properties
C. Reset user account passwords
D. Define HR Criteria for categorizing records
E. Set up and manage business rules for HR processes
F. Add users into designated groups

Correct Answers: D, E, F

Explanation:

In platforms like ServiceNow, the HR Admin role is crafted to support functions strictly within the human resources domain. This role does not carry the same broad system-wide privileges as the System Admin role. Therefore, while HR Admins can handle many HR-specific tasks, their actions are intentionally limited to safeguard broader system security and operations.

Why D (Define HR Criteria) is correct:
One of the HR Admin's key capabilities is managing HR Criteria, which help structure how HR data is sorted, filtered, or prioritized. These criteria can include employment types, location, or departmental attributes, which assist in driving automation or visibility rules. This function is squarely within the HR domain and does not require broader administrative access.

Why E (Set up and manage business rules) is correct:
HR Admins can configure business rules that govern the behavior of HR processes. For example, they might automate the approval chain for time-off requests or trigger alerts for upcoming performance evaluations. These business rules are contained within the HR scope and do not impact platform-wide functionality, making them suitable for HR Admin management.

Why F (Add users into designated groups) is correct:
HR Admins often need to organize users into specific groups—for instance, creating onboarding groups for new hires or assigning users to compliance training groups. Adding users to such groups helps streamline HR workflows and ensure that records are categorized correctly. Since this operation occurs within HR scopes, it falls within the HR Admin's responsibilities.

Why A, B, and C are incorrect:

• A (Assign roles): Granting or modifying roles affects access control and security across the system. This is a sensitive action that is reserved for System Admins, as it can expose data or functions improperly if mishandled.

• B (Modify HR Administration > Properties): These are often considered system-level configurations, which can impact how HR services behave globally. This setting is off-limits to HR Admins without System Admin permissions.

• C (Reset user passwords): Password management is a core security function, typically assigned to the System Admin. Allowing HR Admins to reset passwords would introduce a security risk, especially if the user account impacts other parts of the system.

In summary, HR Admins can handle HR-specific configurations and tasks like creating criteria, managing business rules, and grouping users—but do not have authority over system-wide functions like role management, global settings, or user security operations.

Question 2:

If the HR Admin role [sn_hr_core.admin] has been removed from the Admin role, how does this affect the Admin’s ability to manage HR group memberships?

A. The Admin must elevate to the security_admin role to modify HR groups
B. The Admin can still modify HR groups using the standard process
C. The Admin is no longer able to manage HR group memberships
D. The Admin can impersonate an HR Admin to complete the action

Correct Answer: C

Explanation:

In ServiceNow and similar enterprise systems, role-based access control defines what users can or cannot do. The Admin role usually grants broad capabilities across the system. However, certain modules—like Human Resources—require their own specialized permissions. The HR Admin role [sn_hr_core.admin] is specifically designed for this purpose and enables actions within the HR scope.

Why C (The Admin is no longer able to manage HR group memberships) is correct:
Once the HR Admin role is separated from the general Admin role, users who hold only the Admin role lose access to functions that are explicitly governed by HR-specific permissions. HR groups—such as onboarding teams, HR case handlers, or benefits coordinators—are managed using the privileges granted by the HR Admin role. Without it, the Admin cannot add or remove users from these groups. This restriction is intentional and aligns with data privacy and security best practices, ensuring only authorized HR personnel manage sensitive employee-related roles and groups.

Why A is incorrect:
Elevating to security_admin does increase a user's access to some high-level system configurations, especially related to platform security. However, it does not grant access to HR-specific modules unless the appropriate HR roles are also assigned. HR group membership remains restricted to those with the HR Admin role regardless of any elevated privileges.

Why B is incorrect:
The process for modifying group memberships may seem technically similar across modules, but access control governs who can execute those steps. The Admin may see the interface or the group list, but without the HR Admin role, they will be blocked from making changes to HR-specific groups.

Why D is incorrect:
While impersonation allows users to act as another user temporarily, it comes with its own set of restrictions and audit implications. It also requires that the Admin has permission to impersonate someone with the HR Admin role. More importantly, impersonation is a workaround, not a legitimate solution, and does not resolve the underlying issue of insufficient role-based access.

In conclusion, removing the HR Admin role from an Admin user effectively revokes their ability to manage HR groups. To perform such tasks again, the Admin must be explicitly granted the HR Admin role, thereby maintaining proper governance over sensitive HR data and access.

Question 3:

Within the Create Bulk Cases interface, which four of the following can be selected in the 'Filter by' dropdown menu? (Select four)

A. Document Template
B. Upload File
C. HR Service Template
D. User Criteria
E. HR Template
F. HR Profiles
G. HR Criteria

Correct Answers: A, C, D, G

Explanation:

The Create Bulk Cases feature is commonly found in HR systems such as ServiceNow and is designed to streamline the process of creating multiple HR cases at once. This function is especially helpful when HR departments need to initiate numerous similar cases, such as onboarding new hires or notifying employees of a policy change. The Filter by dropdown is a key part of this functionality, allowing HR professionals to limit the scope of case creation to relevant segments of the workforce based on defined parameters.

Let’s review the correct options first:

• A. Document Template: This option allows users to filter cases by selecting a specific document template. Document templates define the structure and content of documents associated with the HR case, ensuring consistency and compliance with organizational standards. Including this filter ensures the cases generated all use the correct, predefined documentation.

• C. HR Service Template: This filter lets the user choose which predefined HR service template will be applied to the bulk cases. These templates might relate to common HR processes such as leave requests or compliance training. Filtering by service template guarantees the cases created align with a particular service offering.

• D. User Criteria: This is one of the most essential filtering mechanisms. It allows filtering based on specific attributes of users—like department, role, location, or employment status. This is useful when cases need to be initiated only for a targeted user group.

• G. HR Criteria: Similar to User Criteria, this filter allows the administrator to apply specific HR rules or logic when selecting users for whom the cases should be created. HR Criteria might include conditions like tenure length or eligibility for a benefit.

Now let’s clarify the incorrect options:

• B. Upload File: While file uploading may be part of the overall process (e.g., uploading a CSV file of employee IDs), it is not available as a filtering option in the Filter by dropdown.

• E. HR Template: Though it might sound similar to HR Service Template, “HR Template” is not a valid filtering choice in this context.

• F. HR Profiles: These store detailed user information, but they are not used directly as a filter option in this module.

In summary, Document Template, HR Service Template, User Criteria, and HR Criteria are the valid options available in the Filter by dropdown. These filters provide a flexible yet controlled way to create relevant and targeted bulk HR cases effectively.

Question 4:

A user with both the Admin and HR Admin roles wants to configure access controls for the Employee Relations Cases table. What is the first action they must take to proceed?

A. Add the Delegated Developer role to the user record
B. Elevate your role to security_admin using the user dropdown in the banner
C. Manually assign the security_admin role to your user record
D. No additional steps are needed

Correct Answer: B

Explanation:

In ServiceNow, access control management is a critical component of ensuring sensitive data remains protected. While roles like Admin and HR Admin provide considerable privileges, they do not by default allow a user to modify Access Control Rules (ACLs)—especially for high-security tables such as Employee Relations Cases. ACLs define which users can view, write, create, or delete records in a given table.

To configure these ACLs, the user must possess elevated privileges that specifically allow access to sensitive security settings. This is where the security_admin role comes in. It serves as an extra layer of control to prevent unauthorized or accidental security misconfigurations.

• B. Elevate your role to security_admin using the user dropdown in the banner: This is the correct and best-practice method for temporary elevation of privileges. When a user with the Admin role needs to perform advanced configurations, including modifying ACLs, they must elevate their role during a session. This is done through the user menu (top-right corner in ServiceNow), where the option to “Elevate Roles” is available. Selecting security_admin grants access to restricted settings for the duration of that session. Once the session ends, the elevated role is removed, maintaining the principle of least privilege.

Let’s evaluate the incorrect options:

• A. Add the Delegated Developer role to the user record: This role is generally meant for development tasks and doesn’t grant any access to manage ACLs or security settings. It’s used for customizing UI, writing scripts, and building apps—not managing access control.

• C. Manually assign the security_admin role to your user record: Although this could technically give you permanent access to security configurations, it goes against best practices. Granting permanent security_admin access increases risk, and such assignments are usually tightly controlled by system administrators.

• D. No additional steps are needed: This is incorrect because Admin and HR Admin roles alone do not allow ACL modifications. Without elevating to security_admin, the user will encounter access restrictions when attempting to configure access controls.

In conclusion, the first and necessary step for configuring access control on the Employee Relations Cases table is to elevate the session to security_admin using the built-in elevation function in the user dropdown. This ensures the user has proper privileges for the task without compromising long-term security.

Question 5:

Which type of information is most commonly found within an HR Profile in platforms such as ServiceNow?

A. Personal employee data
B. Group membership and role information
C. User login and department information
D. A user’s password

Correct Answer: A

Explanation:

An HR Profile in systems like ServiceNow is designed to store and manage detailed information related to each employee from a human resources standpoint. The primary purpose of this profile is to act as a centralized repository that supports various HR functions such as performance evaluation, employee onboarding, compensation management, and compliance. The HR Profile enables HR teams to maintain comprehensive and up-to-date employee records critical for organizational effectiveness.

The correct answer is A: Personal employee data. This data includes vital personal information about the employee, such as:

• Full name, gender, and date of birth

• Home address and contact details (email, phone)

• Emergency contact information

• Social security number or employee ID (where applicable)

• Employment start date, job titles, and work history

• Salary and compensation package details

• Eligibility for benefits, such as healthcare or retirement plans

This personal data is essential for HR processes like payroll processing, benefits administration, and regulatory reporting. These attributes help ensure that HR services are delivered accurately and legally for every employee.

Why the other options are incorrect:

B. Group membership and role information
This kind of data is generally part of user access control systems rather than HR profiles. IT platforms track which users belong to which groups (e.g., admin, finance, HR), but these are not core elements of HR-centric systems focused on personal and job-specific data.

C. User login and department information
Login credentials and departmental assignments are usually handled by IT service management or identity access management (IAM) tools. Although department affiliation might be reflected in an HR profile for reporting purposes, login information is managed in systems prioritizing access control and authentication.

D. A user’s password
Passwords are never stored directly in HR profiles due to security best practices. Authentication credentials are handled separately in encrypted IAM systems to protect user identities and prevent unauthorized access.

In conclusion, HR Profiles serve a vital function in modern enterprises by securely storing personal employee data that drives core HR services. Understanding the separation between HR and IT systems is key to recognizing why personal data, not technical access data, resides within the HR Profile.

Question 6:

In ServiceNow, how many User Criteria Records can be assigned to a Knowledge Base or Knowledge Article?

A. Only two
B. Only three
C. Unlimited
D. Only one

Correct Answer: C

Explanation:

In ServiceNow, User Criteria Records are a powerful mechanism used to control visibility and access to Knowledge Base (KB) content. They define which users or groups can read or contribute to knowledge articles based on specific attributes such as roles, groups, departments, or geographical location. These criteria ensure that sensitive or specialized knowledge is made accessible only to the appropriate audience.

The correct answer is C: Unlimited. There is no upper limit on how many user criteria you can assign to a Knowledge Base or an individual KB article. This design offers administrators the flexibility to implement highly tailored access controls. For example, a KB article related to legal compliance might be restricted to employees in the legal department at specific locations with a required managerial role. Each of these conditions can be defined and added as separate user criteria to the same article.

ServiceNow's configuration allows administrators to specify multiple inclusion and exclusion criteria, enhancing the granularity of access control. This is particularly beneficial in large organizations with varied user roles, departments, and regional access requirements. The platform supports advanced filtering logic, enabling layered conditions without imposing hard limits.

Why the other options are incorrect:

A. Only two
This is inaccurate. While applying two criteria is possible, it is not a limitation. Organizations can define as many as needed for precise access control.

B. Only three
Again, this is a myth. ServiceNow does not restrict you to three criteria. The system’s flexibility allows for complex configurations involving numerous user criteria records.

D. Only one
Limiting access to a single user criterion would severely restrict how content is delivered and managed in dynamic environments. ServiceNow avoids such restrictions to empower administrators with scalable control.

Ultimately, the ability to apply an unlimited number of user criteria gives ServiceNow administrators the tools they need to meet enterprise-level access control requirements, ensuring the right people see the right knowledge at the right time.

Question 7:

In a base ServiceNow configuration, how are User Criteria Records most commonly used, and how many can be applied to a Knowledge Base or Article?

A. To control which users can access the HR Case application
B. To control what a user sees in the information and suggested reading widgets
C. To control read and write access to Knowledge Bases and Articles
D. To control which users can access the HR Service Portal

Correct Answer: C

Explanation:

In ServiceNow, User Criteria Records serve as a fundamental component in Knowledge Management, allowing administrators to control who can read or contribute to specific Knowledge Bases (KBs) and Articles. These records operate by defining rules based on roles, user groups, departments, companies, and other user attributes. They are applied to set both read and write access rights, thereby enabling precise control over content visibility and editability.

When applying User Criteria to a Knowledge Base, administrators can define:

• Read User Criteria: Who is allowed to view articles within the KB.

• Contribute User Criteria: Who is allowed to create or edit articles within the KB.

These same principles apply to individual KB Articles, which can have their own criteria for access that may override the KB’s defaults. This flexibility ensures that sensitive or departmental knowledge can be restricted appropriately.

Moreover, there is no enforced limit on the number of User Criteria Records that can be attached to a KB or KB Article. This design allows organizations to create complex, multi-condition access rules ensuring security and compliance needs are met.

Now let’s assess the other options:

• A (HR Case application): Application-level access is governed by roles and ACLs, not User Criteria.

• B (Suggested reading widgets): These widgets rely on contextual suggestions or user history, not User Criteria.

• D (HR Service Portal): Portal access is controlled by roles and service portal configuration, not User Criteria.

Key takeaway: User Criteria provides powerful control over knowledge visibility and editing rights, but it is specifically scoped to Knowledge Management, not the entire application or portal access structure.

Question 8:

Within the ServiceNow HR application, what accurately describes the relationship between the User [sys_user] table and the HR Profile [sn_hr_core.profile] table?

A. Both are required
B. Only the HR Profile table is required in HR
C. Neither are required
D. Only the User table is required in HR

Correct Answer: A

Explanation:

In the ServiceNow HR application, both the User [sys_user] table and the HR Profile [sn_hr_core.profile] table are indispensable. They operate in tandem to ensure complete and secure handling of employee data and HR workflows.

The User [sys_user] table is part of the core ServiceNow platform and contains baseline identity information. Every user who logs into ServiceNow has a record in this table. It includes:

• Login credentials

• Name and email

• Assigned roles

• Department and location

• Employment status (active/inactive)

However, while this table holds general user data, it does not contain confidential HR-related data, which is where the HR Profile table comes into play.

The HR Profile [sn_hr_core.profile] table is an extension of the HR application and contains detailed personal and professional data about employees. It includes:

• Home address, emergency contacts

• Job history, education background

• Performance and compensation history

• Onboarding/offboarding status

Each HR Profile is linked to a User record, providing a comprehensive employee model that separates general system-level access (sys_user) from HR-specific sensitive information (HR Profile). This separation is also essential for data security, ensuring HR data is only accessible to authorized HR agents.

Let’s break down why the other options are incorrect:

• B (Only HR Profile is required): The HR Profile needs a corresponding sys_user entry for authentication and system-level access.

• C (Neither are required): Without these tables, core HR workflows and user identity management would break.

• D (Only the User table is required): The sys_user table lacks the necessary fields for complete HR functionality.
  
  

Conclusion: To effectively manage HR processes in ServiceNow, both tables are required. The User table handles system-wide identity and permissions, while the HR Profile adds depth and confidentiality necessary for human resources workflows.

Question 9:

Which feature in ServiceNow determines the specific conditions that a Case must satisfy before being automatically assigned to an appropriate agent?

A. Matching Rules
B. Client Rules
C. ACLs (Access Control Lists)
D. Escalation Rules

Correct Answer: A

Explanation:

In the ServiceNow platform, Matching Rules are the primary mechanism used to define the logic for automated case assignment. When a case—whether it’s an incident, request, or HR inquiry—is created, Matching Rules assess key attributes such as category, priority, skills required, and agent availability to determine the best agent or group for assignment.

Matching Rules work in conjunction with Assignment Rules, acting as a filter to determine which agent fits the predefined criteria. For instance, if a case is logged with the category "Payroll" and has a "High" priority, the Matching Rule might route the case to an agent who has HR and payroll experience, ensuring the ticket is handled by the most qualified personnel. This not only increases resolution efficiency but also improves the end-user experience.

Let’s examine why the other choices are incorrect:

• Client Rules operate on the client-side interface of ServiceNow and control browser-based behavior like form validation or hiding fields. They do not participate in case assignment logic.

• ACLs (Access Control Lists) are designed to restrict or grant access to specific records or fields within a table. While they’re critical for data security, they don’t determine who cases are assigned to.

• Escalation Rules help in raising the priority of a case or reassigning it if it remains unresolved beyond a certain timeframe. Their focus is on timeliness and urgency, not initial assignment.
  
  

To summarize, Matching Rules are essential to streamline case assignment by evaluating real-time conditions and attributes. They reduce manual intervention, ensure fair distribution based on skillsets or workloads, and align case management with organizational goals. Organizations using Matching Rules can automate assignments intelligently, which is key to maintaining operational efficiency and employee satisfaction.

Question 10:

In the ServiceNow HR module, which role must a user possess, at a minimum, to access confidential information within the HR Profile?

A. HR Admin [sn_hr_core.admin]
B. HR Basic [sn_hr_core.basic]
C. LE Admin [sn_hr_le.admin]
D. HR Manager [sn_hr_core.manager]

Correct Answer: A

Explanation:

ServiceNow’s HR Profile record stores sensitive and private employee data, including personal details, job roles, compensation history, and more. To protect this information, ServiceNow employs strict access control mechanisms that rely heavily on role-based permissions.

The HR Admin [sn_hr_core.admin] role is the minimum required role that grants full visibility and control over confidential HR Profile data. Individuals with this role are typically HR administrators or HR system owners who require access to all aspects of an employee's HR profile to perform high-level HR tasks, such as updating personal data, reviewing compensation records, and ensuring compliance with labor laws.

Let’s explore the other roles and why they fall short:

• HR Basic [sn_hr_core.basic] provides access to limited HR functions. Users with this role might be able to interact with non-sensitive case data or submit requests but cannot view or edit confidential profile information.

• LE Admin [sn_hr_le.admin] is specific to the Learning and Education module within HR Service Delivery. This role allows management of learning plans, training records, and certifications—but not access to HR Profiles.

• HR Manager [sn_hr_core.manager] grants broader access than HR Basic, including visibility into HR cases and some employee data, but it still restricts access to sensitive fields in the HR Profile. This role is designed for supervisors or HR leads who manage teams, not for administrative-level access.

By ensuring that only the HR Admin role can access the full range of data within the HR Profile, ServiceNow supports data privacy, compliance with employment laws, and internal security policies. Organizations must apply the principle of least privilege, assigning this role only to those who truly need access to confidential HR data. This protects employee privacy and reduces the risk of data breaches or misuse of sensitive information.