Pass the ServiceNow CIS-Data Foundations (CMDB and CSDM) CIS-DF Questions and answers with CertsForce

Within the Common Service Data Model (CSDM), service types are clearly defined to separate business-facing value, application logic, and technical enablement. Correct classification is foundational to impact analysis, ownership, reporting, and service visibility.

An Application Service is a logical representation of a deployed application or system stack. It models how an application runs, including servers, databases, middleware, and integrations. Application Services are typically created and maintained through Service Mapping and are primarily consumed by IT operations, DevOps, and support teams.

A Technology Management Service (also called a Technical Service) represents shared technical capabilities such as databases, authentication platforms, messaging systems, or cloud infrastructure. These services are published to Service Owners, not business users, and underpin one or more Application Services or Business Services. They are critical for understanding technical dependencies and risk but are not business-facing.

A Business Service is published to Business Users and directly supports business capabilities and outcomes. It represents what the business consumes, such as “Online Banking,” “Order Fulfillment,” or “Employee Onboarding.” Business Services sit at the top of the CSDM hierarchy and are the anchor point for SLAs, experience, and value measurement.

Correctly distinguishing these service types ensures alignment with CSDM best practices, enables accurate impact analysis, and prevents common CMDB anti-patterns such as exposing technical services to business users or misrepresenting application stacks as business value.

In a healthcare environment, identifying who is impacted during a critical incident is essential to patient safety and continuity of care. Within the Common Service Data Model (CSDM), the most effective way to determine impacted users is through Service Offerings, particularly when they are defined by department or location.

Service Offerings represent how a service is consumed by specific user groups. In this case, a patient management system may have different offerings for departments such as Emergency, Inpatient Care, or Outpatient Services, or be scoped by hospital location. These offerings explicitly define consumer context, allowing incident responders to immediately identify which clinicians, staff, or facilities are affected.

Option D (Affected CI related list) identifies technical impact but does not translate that impact into user or consumer context. Option A provides historical insight but does not identify current impacted users. Option C (service environment) helps differentiate production vs non-production but does not identify who is impacted.

By leveraging Service Offerings by Department or Location, the provider can quickly notify the right users, prioritize response based on clinical impact, and coordinate mitigation effectively—aligning with CSDM and ITIL best practices.

Therefore, the correct answer is B – Service Offerings by Department or Location.

In ServiceNow, protecting CMDB data quality during ingestion is a core Data Foundations principle. The Identification and Reconciliation Engine (IRE) is designed to ensure that CI records are uniquely identified, merged correctly, and protected from unauthorized overwrites. Any ingestion method that bypasses IRE introduces a high risk of duplicates and data corruption.

IntegrationHub ETL is the recommended method because it is natively designed to work with the Identification and Reconciliation API. When properly configured, IntegrationHub ETL ensures that incoming data is processed through IRE, applying identification rules, reconciliation rules, and source precedence. This allows multiple data sources to coexist safely while maintaining CMDB integrity.

Option B (Table API) is explicitly discouraged for CMDB ingestion because it writes directly to CMDB tables and bypasses IRE entirely, making it one of the most common causes of duplicate and conflicting CI records. While REST and SOAP APIs are powerful, they are not safe for CMDB ingestion unless they explicitly invoke the IRE API, which most generic table integrations do not.

Option C (Import Sets and Transform Maps) can be configured to call IRE, but this requires additional scripting and strict governance. Because of this complexity and higher risk of misconfiguration, it is not the recommended approach when safer, purpose-built options exist.

Therefore, IntegrationHub ETL is the verified and best-practice answer, making Option A correct.

In CSDM version 5, enterprise-wide capability tracking is firmly positioned within the Design and Planning domain. This domain is specifically intended to support Enterprise Architecture, Portfolio Management, and Strategic Planning use cases, making it the correct choice for an Enterprise Architect working across the organization.

The Design and Planning (Design) domain focuses on answering “what the business needs and how it should be designed” before services are built or delivered. It includes core concepts such as Business Capabilities, Value Streams, Information Objects, Business Applications, and Architectural relationships. Business capabilities represent what an organization does to achieve its objectives, independent of organizational structure, technology, or implementation. This abstraction is essential for enterprise architects, especially in highly regulated industries like financial services, where strategic alignment and impact analysis are critical.

The other domains do not fit this requirement:

Foundation provides shared reference data (companies, locations, users) but does not model enterprise capabilities.

Build and Integration focuses on application development, CI/CD pipelines, and integration layers.

Service Consumption is concerned with customers, offerings, and how services are consumed.

Service Delivery models the operational and technical delivery of services, including infrastructure and runtime environments.

From a Data Foundations and CSDM governance perspective, tracking enterprise capabilities in the Design and Planning domain ensures:

Clear separation between strategy, design, and operations

Alignment with ITIL 4 strategy and planning practices

Strong support for impact analysis, rationalization, and transformation initiatives

Therefore, Design and Planning (D) is the correct and fully aligned CSDM 5 domain for tracking enterprise capabilities.

In ServiceNow, controlling source precedence when multiple authorized data sources update the same CI attributes is a core responsibility of Identification and Reconciliation Engine (IRE) governance.

The correct and supported method is to assign priority to each data source in reconciliation rules. Reconciliation rules determine which source wins when multiple sources attempt to update the same attribute on a CI. By defining source precedence, the Configuration Manager ensures that the most authoritative system of record (for example, Discovery over manual imports, or HR systems over spreadsheets) consistently controls specific attributes or classes.

Option B is incorrect because manually sequencing data source runs is unreliable, does not scale, and violates Data Foundations best practices. Option C only controls how often data is refreshed, not which source is authoritative. Option D is incorrect because identification rules are used to uniquely identify CIs—not to control attribute-level precedence.

Using reconciliation rules provides deterministic, auditable, and automated control, which is essential for maintaining CMDB trust and avoiding data conflicts.

Therefore, the correct answer is A – Assign a priority to each data source in reconciliation rules.

In ServiceNow, de-duplication tasks generated by the Identification and Reconciliation Engine (IRE) are operational governance tasks that require action by CMDB administrators or data owners. These tasks are surfaced in a role-based and actionable manner to ensure they are addressed promptly.

Within the CMDB Workspace, such tasks are accessed via the My Work tab, specifically under the Total status section. This area consolidates all actionable CMDB-related work items assigned to the user or their groups, including duplicate CI remediation tasks, data certification tasks, attestation requests, and lifecycle governance actions generated by CMDB Data Manager and IRE processes.

Option A is incorrect because the Home tab focuses on high-level navigation and featured actions, not task execution. Option B is also incorrect because the Insights tab and feature adoption tiles provide visibility and analytics, not task management.

By centralizing de-duplication tasks in My Work, ServiceNow ensures CMDB governance is embedded into daily operations, improving responsiveness and data quality while maintaining accountability.

Therefore, the correct answer is C – Total status under the My Work tab.

The CMDB Data Manager capability in ServiceNow is designed to support CMDB governance, specifically around data lifecycle management. Its primary purpose is to ensure that CI records are retained, archived, and deleted in accordance with defined retention policies, regulatory requirements, and organizational data governance standards.

As CMDBs mature, they naturally accumulate obsolete, retired, or decommissioned CIs. If these records are not properly managed, they negatively impact CMDB health, reporting accuracy, discovery reconciliation, and performance. CMDB Data Manager addresses this by automating the archival and deletion of records once lifecycle conditions and retention thresholds are met.

Option A is incorrect because encryption of archived records is handled by platform-level security and data protection features, not CMDB Data Manager. Option B is also incorrect because relationship rule enforcement is managed through CSDM guidance, CMDB relationship rules, and identification/reconciliation logic—not by CMDB Data Manager.

By automating retention-based archival and cleanup, CMDB Data Manager helps organizations maintain a lean, compliant, and high-quality CMDB, which directly supports CMDB Health metrics such as correctness and compliance.

Therefore, the correct and verified answer is Option C.

In CMDB governance, different CMDB Data Manager policy types serve different validation and enforcement purposes. When the objective is to allow an assigned individual to review and update specific fields on a CI record, the correct policy type is Certification.

A Certification policy creates actionable tasks that require the assignee to validate and, if necessary, correct specific CI attributes, such as lifecycle status, support group, environment, or ownership. During certification, the user can directly update CI fields to bring the record into compliance with defined standards.

Attestation (Option C) only asks the user to confirm that a CI still exists or is still valid; it does not require or enable attribute-level updates. Audit (Option A) is used for reporting and evidence collection, not remediation. Compliance (Option D) measures adherence to rules but does not itself generate editable remediation tasks.

Certification is therefore the primary mechanism used when human validation and correction of CI data is required—making it a cornerstone of CMDB data quality management.

Hence, the correct answer is B – Certification.