6.3 High-Yield Review & Test Strategy
Key Takeaways
- Database Management and Platform Security is the heaviest CSA domain at 30%, so ACLs, the data schema, and import patterns deserve the most review time.
- ACL evaluation requires every applicable rule to pass in order: a record-level ACL must grant access before its field-level ACLs are even evaluated.
- Update sets capture configuration changes (forms, business rules, flows) for promotion, but they do not move data records such as incidents or users.
- The CSA exam is 60 questions in 90 minutes; pacing at roughly 90 seconds per question leaves about 10 minutes to review flagged items.
- Coalesce, client-side vs. server-side scripting, and Flow Designer vs. legacy Workflow are the most common high-yield trap areas across domains.
Quick Answer: The Certified System Administrator (CSA) exam is 60 questions in 90 minutes. Spend the most review time on Database Management and Platform Security (30%), master ACL evaluation order, know that update sets move configuration but not data, and pace at about 90 seconds per question.
This section ties the whole guide together. Use it as a final-pass checklist, not as first-time learning material.
Domain Weights and What to Know Cold
The official CSA blueprint weights six domains. Study time should follow the weight, with extra focus on the security and data domain.
| Domain | Weight | Must know cold |
|---|---|---|
| Platform Overview & Navigation | 7% | Next Experience UI, application navigator, lists vs. forms, instance vs. application scope. |
| Instance Configuration | 10% | Plugins, system properties, branding, UI personalization. |
| Configuring Applications for Collaboration | 20% | Form/list configuration, UI policies, notifications, dashboards, reporting. |
| Self Service and Automation | 20% | Knowledge, Service Catalog items/variables, Flow Designer vs. legacy Workflow. |
| Database Management & Platform Security | 30% | Tables and table extension, dictionary, ACL evaluation order, roles/groups. |
| Data Migration and Integration | 13% | Import sets, coalesce, transform maps, update sets, REST/SOAP, MID Server. |
Cross-Domain Recap of the Highest-Yield Rules
1. ACL evaluation order. An Access Control List (ACL) rule grants access only when all of its parts pass: required role(s), the condition, and the script must each evaluate true. ServiceNow checks the most specific match first and evaluates table/record-level access before field-level access — if the record-level ACL denies, the field ACLs never matter. If no matching ACL exists for an operation on a table, access is denied by default (deny by default).
2. Update sets vs. data. An update set captures configuration changes — fields, forms, business rules, client scripts, UI policies, flows — so they can be promoted between instances. Update sets do not carry data records (incidents, users, CIs); move those with import sets or cloning.
3. Flow Designer vs. legacy Workflow. Flow Designer is the current low-code automation engine (flows, subflows, actions, IntegrationHub). The legacy Workflow editor still runs older content, but new automation should be built in Flow Designer. Know which one a scenario implies.
4. Coalesce. In a transform map, coalesce = true turns a field into a match key: a match updates the existing record, no match inserts a new one, and no coalesce field causes duplicates.
5. Table extension. A table can extend a parent table and inherit its fields (for example, incident extends task). Extended tables share the parent's columns and behavior; this is why task-based features apply to incident, problem, and change.
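The ACL rule in item 1 can be traced with a small model. This is an added example, not ServiceNow's engine or code from the original guide; the rule shape, the `priority_editor` role, and the choice that a field with no ACL of its own follows the record-level result are assumptions.

```javascript
// Added example: simplified model of the ACL rules stated above.
// Constructed rule shape: { name, operation, roles, condition, script }.
function passes(acl, user, record) {
  // Role, condition and script must each pass; an absent part counts as passing (assumption).
  const roleOk = !acl.roles || acl.roles.some((r) => user.roles.includes(r));
  const conditionOk = !acl.condition || acl.condition(record);
  const scriptOk = !acl.script || acl.script(user, record);
  return roleOk && conditionOk && scriptOk;
}

function checkAccess(acls, user, operation, table, record, field) {
  const evaluated = []; // names of the ACLs actually evaluated, in order
  const anyPass = (rules) =>
    rules.some((acl) => { evaluated.push(acl.name); return passes(acl, user, record); });
  const forName = (name) => acls.filter((a) => a.name === name && a.operation === operation);

  // Record-level check comes first; no matching rule means deny by default.
  const recordRules = forName(table);
  if (recordRules.length === 0) return { allowed: false, reason: "default-deny", evaluated };
  if (!anyPass(recordRules)) return { allowed: false, reason: "record-acl-denied", evaluated };
  if (!field) return { allowed: true, reason: "record-acl-granted", evaluated };

  // Field-level rules are only reached once the record-level check has passed.
  const fieldRules = forName(`${table}.${field}`);
  // Assumption: a field with no ACL of its own follows the record-level result.
  if (fieldRules.length === 0) return { allowed: true, reason: "no-field-acl", evaluated };
  return anyPass(fieldRules)
    ? { allowed: true, reason: "field-acl-granted", evaluated }
    : { allowed: false, reason: "field-acl-denied", evaluated };
}

// Constructed sample data; priority_editor is a hypothetical role.
const sampleAcls = [
  { name: "incident", operation: "write", roles: ["itil"], condition: (r) => r.active },
  { name: "incident.priority", operation: "write", roles: ["itil", "priority_editor"] },
  { name: "incident", operation: "read", roles: ["itil"] },
];
const agent = { name: "agent", roles: ["itil"] };
const editor = { name: "editor", roles: ["priority_editor"] }; // holds the field role only
const open = { active: true, priority: 3 };
const closed = { active: false, priority: 3 };

// The editor passes the field ACL's role check but never reaches it.
console.log(checkAccess(sampleAcls, editor, "write", "incident", open, "priority"));
```

The `evaluated` list shows which rules were consulted, so a record-level denial can be seen to stop before any field ACL runs.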
Common CSA Traps
- Client-side vs. server-side: UI Policies and Client Scripts run in the browser; Business Rules and ACLs run on the server. A question asking to enforce a rule "even via import or API" points to server-side (Business Rule/ACL), never a Client Script.
- UI Policy vs. Data Policy: a UI Policy affects only the form; a Data Policy enforces rules on all inserts/updates including imports and APIs.
- Role inheritance: the `admin` role grants broad access but does not automatically include every scoped or specialized role.
- Coalesce blank value: a blank coalesce field can match many records — choose a stable unique key.
- Direction confusion: "a vendor system creates a ticket in ServiceNow" is inbound, not outbound.
- Update set scope: moving an update set does not move the data the configuration acts on.
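The coalesce rule from the recap and the blank-value trap above, traced in a small model. This is an added example, not ServiceNow's transform engine or code from the original guide; the record shapes, the `ambiguous` counter, and updating the first of several matches are assumptions.

```javascript
// Added example: simplified model of coalesce matching during a transform.
// coalesceField is the field marked coalesce = true, or null when none is set.
function transform(target, rows, coalesceField) {
  const stats = { inserted: 0, updated: 0, ambiguous: 0 };
  for (const row of rows) {
    if (!coalesceField) {
      // No match key: every incoming row becomes a new record.
      target.push({ ...row });
      stats.inserted++;
      continue;
    }
    const key = row[coalesceField];
    const matches = target.filter((rec) => rec[coalesceField] === key);
    if (matches.length === 0) {
      target.push({ ...row }); // no match: insert
      stats.inserted++;
    } else {
      // More than one match means the key does not identify a single record.
      if (matches.length > 1) stats.ambiguous++;
      Object.assign(matches[0], row); // assumption: the first match is updated
      stats.updated++;
    }
  }
  return stats;
}

// Constructed sample data: two existing service accounts have a blank email.
function runImport(coalesceField, times = 1) {
  const target = [
    { email: "ann@example.com", name: "Ann" },
    { email: "", name: "svc-backup" },
    { email: "", name: "svc-report" },
  ];
  const rows = [
    { email: "ann@example.com", name: "Ann Lee" }, // match: update
    { email: "bob@example.com", name: "Bob" },     // no match: insert
    { email: "", name: "temp" },                   // blank key: matches both service accounts
  ];
  let stats;
  for (let i = 0; i < times; i++) stats = transform(target, rows, coalesceField);
  return { stats, target }; // stats are those of the last run
}

console.log(runImport("email").stats); // coalesced on email
console.log(runImport(null, 2).target.length); // same file imported twice, no coalesce
```

With `email` as the key, the blank row overwrites `svc-backup`; with no key, re-running the same import grows the table by three records each time.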
Exam-Day Pacing: 60 Questions in 90 Minutes
The blueprint allots 90 minutes for 60 questions, which is 90 seconds per question on average. Multiple-select questions take longer, so bank time on the easy ones.
| Checkpoint | Target | Why |
|---|---|---|
| After 20 questions | ~25 minutes elapsed | Confirms you are on or ahead of pace. |
| After 40 questions | ~50 minutes elapsed | Leaves a safe buffer. |
| All 60 answered | by ~80 minutes | Reserves ~10 minutes for flagged review. |
| Final 10 minutes | review flagged items | Re-read multi-select questions for "select all that apply." |
Pacing rules:
- Never leave a question blank — there is no penalty for guessing; eliminate options and choose.
- Flag and move on if a question takes more than ~2 minutes; do not let one item burn five minutes.
- For multiple-select, count how many answers the question asks for and verify each independently.
- Read the last sentence first on long scenarios to learn what is actually being asked, then read the scenario for the relevant facts.
Study-Plan Timeline
A realistic 6-week plan for a candidate with some platform exposure, scaled to the heaviest domain:
| Week | Focus | Output |
|---|---|---|
| 1 | Platform overview, navigation, instance configuration | Comfortable in a Personal Developer Instance (PDI). |
| 2 | Collaboration: forms, lists, UI policies, notifications, reporting | Build a custom form and notification in the PDI. |
| 3 | Self service & automation: catalog, Knowledge, Flow Designer | Build a catalog item with a flow. |
| 4 | Database & security (heaviest): schema, table extension, ACLs, roles | Write and test record + field ACLs. |
| 5 | Migration & integration: import sets, coalesce, update sets, REST/SOAP | Run a coalesced import end to end. |
| 6 | Timed full-length mocks + weak-area remediation | Two timed 60-question runs, score and review. |
Hands-on practice in a free Personal Developer Instance (PDI) is the single biggest score driver — the CSA exam rewards candidates who have actually configured the platform, not just read about it.
A field-level ACL would grant a user write access to the 'priority' field, but the record-level (table) ACL for write on that table denies the user. What is the result?
An admin promotes an update set from development to production, but the test incidents created in development do not appear in production. Why?
A requirement states a value must be enforced even when records are created through a data import or an inbound API, not just on the form. Which tool is correct?
With 60 questions in 90 minutes, roughly how much time should a candidate budget per question to keep a review buffer?
Which CSA domain carries the highest blueprint weight and should receive the most review time?