InServiceNow,Access Control rules (ACLs)are used torestrict or grant accessto data. Each Access Control rule consists of:
Table-level (Row-Level) ACLs- Control access to the entire record (row).
Field-level ACLs- Control access to specific fields within a record.
Access Control rules are evaluated in a specific orderto determine whether a user has the necessary permissions to perform an action (Read, Write, Create, Delete, etc.).
If both a row-level and a field-level ACL exist for the same table, BOTH must evaluate to "true"before access is granted.
The system checks conditions, scripts, and roles defined in the ACLsto decide whether the user meets the access requirements.
Access Control Rule Evaluation Process:Why is Option C Correct?If both a row-level rule and a field-level rule exist, both must evaluate to "true" for a user to perform an action.
Row-Level ACLscheck if a user can access the record itself.
Field-Level ACLscheck if a user can access specific fields within that record.
If a user failseitherACL check, access is denied.
Why Are the Other Options Incorrect?A. "Rules are evaluated using roles. The role with the most permissions evaluates the rules first." Access Control rulesare not evaluated based on roles with the most permissions.
Roles are just one factorin ACL evaluation, along with conditions and scripts.
B: "If more than one rule applies to a row, the older rule is evaluated first." ServiceNow does not prioritize ACL rules based on their creation date.
Instead, ACLs follow a structured evaluation order (general-to-specific).
D: "Rules are evaluated from the general to the specific, so a table rule must be active to continue." This is partially true but misleading.
ServiceNow evaluates ACLs fromspecific to general(Field # Table).
However,a table-level rule does NOT need to be activefor a field-level ACL to be evaluated.
Reference from Certified System Administrator (CSA) Documentation:#ServiceNow Docs - Access Control Rules (ACLs) Evaluation
#ServiceNow ACL Evaluation Documentation
"If a field-level rule and a row-level rule exist,both must evaluate to truefor the operation to be allowed." Conclusion:The correct answer isC. If a row-level rule and a field-level rule exist, both rules must be true before an operation is allowed.
#Understanding ACL rule evaluation is critical for managing security in ServiceNow, ensuring that users have the appropriate access while maintaining data integrity.

In ServiceNow,Core Tablesare foundational tables that are included by default in the platform. These tables store essential records used across various applications and modules.
#Key Core Tables in ServiceNow:
Task (task)- A core table that serves as the parent for several other tables, such as Incident, Change, and Problem.
User (sys_user)- Stores all user records in the instance.
Incident (incident)- A child table oftask, used to track issues and requests reported by users.
#Why Option C is Correct?
User (sys_user)- Essential for user management in ServiceNow.
Task (task)- A fundamental table that many other tables extend from.
Incident (incident)- A widely used table in IT Service Management (ITSM), which extends fromtask.
#Incorrect Options Explained:
A). Configuration, Connect, Chat- Configuration is broad and does not refer to a single table, and Connect and Chat are part of ServiceNow's communication framework but are notcoretables.
B). Team, Party, Awards- These tables do not exist in ServiceNow's core platform.
D). Work, Caller, Timecard- WhileCallermay refer to users, andTimecardis a table used in time-tracking applications, these are not considered core tables.
#Reference:
Creating Tables in ServiceNow
ServiceNow Task Table Documentation
Understanding Core Tables in ServiceNow

ABusiness Rulein ServiceNow is aserver-side scriptthat executes when records are inserted, updated, deleted, or queried in a specified table. Business Rules allow automation and customization of workflows by defining logic that runs under specific conditions.
Table (B) -Correct
ABusiness Rulemust be associated with aspecific tablewhere it will execute (e.g., Incident, Change, Task).
This determineswhich recordsthe rule applies to.
Script to Run (E) -Correct
A script must be provided when defining advanced logic in a Business Rule.
Business Rules useserver-side JavaScriptto perform various actions, such as setting field values, enforcing validation, or triggering workflows.
Timing (H) -Correct
The execution timing of a Business Rule determineswhenit runs relative to a database transaction.
Business Rules can run:
Before(before record is saved)
After(after record is saved)
Async(after the transaction completes)
Display(when a form loads)
Condition to Evaluate (I) -Correct
Conditions definewhen the Business Rule should executebased on specific criteria.
Example: A Business Rule might runonly when the priority is set to High.
A). UI Action(Incorrect)
UI Actions (buttons, links, context menus) are separate from Business Rules and are used for UI customization.
C). Fields to update(Incorrect)
While Business Rules can update fields,you do not specify "fields to update" as a required setting. Instead, updates are made via scripts within the rule.
D). Who can run(Incorrect)
Business Rulesalways run on the server-sideand do not require user-specific execution settings.
F). Application Scope(Incorrect)
Although Business Rules belong to an application scope, this isautomatically determinedbased on the current application.
G). Update Set(Incorrect)
Business Rules arecaptured in an Update Set, but this is not a configuration setting while creating the rule.
ServiceNow Business Rules Overview:https://docs.servicenow.com/bundle/utah-application-development
/page/script/server-scripting/concept/business-rules.html
Creating Business Rules:https://docs.servicenow.com/en-US/bundle/utah-application-development/page/script
/server-scripting/task/t_CreateABusinessRule.html
Key Elements to Specify When Creating a Business Rule:Incorrect Options:Official References from Certified System Administrator (CSA) Documentation:

In ServiceNow,Access Control Rules (ACLs)determine who cancreate, read, write, delete, or executerecords within a table. Each ACL rule evaluates three main permission requirements,all of which must be truefor the rule to apply. These requirements are:
TheConditions fieldin an ACL specifies predefined logic that must be met for the rule to apply.
Example: An ACL might specify that a record is only accessible if theStatefield is set to "Open".
Conditions areevaluated firstbefore checking roles or scripts.
ACLs can berestricted to users with specific roles.
If a user does not have the required role(s), the ACL denies access.
Example: Only users with the"itil"role can edit incidents.
If the ACL does not specify any role, all users may be eligible based on conditions and script evaluations.
ACL scripts provideadvanced conditional logicusingserver-side JavaScript.
Scripts allow complex rule evaluation, such as checking whether a user is the record's creator.
Example: A script could restrict access to records wherecurrent.requested_for == gs.getUserID()(only allow users to see their own requests).
If a script is present in an ACL, it must returntruefor access to be granted.
Access control rules are only granted when all three evaluations return true.
Conditions act asfilters.
Roles definepermissions based on user roles.
Scripts allowadvanced access logic.
1. Conditions (A - Correct Answer)2. Roles (C - Correct Answer)3. Script (D - Correct Answer)Why "A.
Conditions," "C. Roles," and "D. Script" are the Correct Answers?
B). Table - Incorrect
Access control appliesto specific tables, but defining a table itself is not one of the permission checks.
E). Table." - Incorrect
This is anincorrectly formatted optionand does not relate to access control evaluation.
F). Table.none - Incorrect
"Table.none" is not an evaluation factor in ACLs. Access control applies totable-level, field-level, and record- level, but "table.none" is not an access requirement.
Explanation of Incorrect Options:
ServiceNow Docs: Access Control Rules (ACLs) Overview
ServiceNow CSA Study Guide - Security and Access Control
ServiceNow Product Documentation: Evaluating ACLs and Permissions
References from Certified System Administrator (CSA) Documentation:

InServiceNow Knowledge Management,User Criteriais thebest practice methodforrestricting access to knowledge articles.
Controls Who Can Read or Contribute to a Knowledge Base
Read Access- Determines which users canviewarticles in a Knowledge Base.
Contribute Access- Determines which users cancreate, edit, or publisharticles.
Can Be Based on Multiple Factors
User Criteria caninclude or exclude usersbased on:
Roles
Groups
Departments
Locations
Flexible & Scalable
Instead of manually assigning permissionsarticle-by-article, User Criteriaapplies rules to the entire Knowledge Base.
This method provides acentralized way to manage permissionsfor large teams.
Why is "User Criteria" the Correct Answer?
A: CategoriesIncorrect- Categoriesorganizeknowledge articles into groups, but they donotcontrol access.
B: RolesIncorrect- While roles can be usedwithin User Criteria, theyalonedo not determine access.
User Criteria providesmore granular controlthan just assigning roles.
D: GroupsIncorrect- Groups can beincluded in User Criteria, but groups alonedo not directly control knowledge access.
Incorrect Answer Choices Analysis:
ServiceNow Docs - User Criteria for Knowledge Management#User Criteria Overview ServiceNow Docs - Managing Knowledge Base Permissions#How to Configure Knowledge Access Official ServiceNow Documentation References: