Download ServiceNow CIS-Discovery (New York): Comprehensive Guide with Q&A and more Exams Web Programming and Technologies in PDF only on Docsity!
ServiceNow CIS - Discovery (New York)
Latest Version Rated A+
Cloud Discovery ✔✔Cloud discovery finds resources in AWS and Azure clouds, and then populates the CMDB with the relevant CIs and relationships.
Two types:
- Service account cloud discovery
- Cloud application discovery
Server-less Discovery ✔✔Discovery can find applications on host machines without the need to discover the host first.
Two types:
- Standard server-less discovery
- Host-based server-less discovery
Discovery Dashboard displays ✔✔1. The current progress (status) of the actively running Discovery schedules.
- Newly discovered devices and applications, by time discovered.
- Existing devices and applications not updated by Discovery.
- Errors that occurred during a Discovery schedule that has run.
- Credentials that were either not required or unused by a Discovery schedule.
Discovery > Status ✔✔The Discovery Status provides a summary of a Discovery launched from a schedule. You can also cancel a Discovery that is in progress from the Discovery Status form.
What are the Discovery Status reference lists? ✔✔1. Discovery Log: Classification failures, CMDB updates, and authentication failures.
- Devices: Summary of all the devices scanned during discovery, and what action sensors took on the CMDB.
- ECC Queue: Connected flow of probe and sensor activity, actual XML payload.
Include Alive ✔✔Indicates that this Discovery includes devices on which one port responded to the scan, but no ports are open. Such a device is considered to be alive. If this check box is not selected, only active devices with one or more open ports that Discovery can query are displayed.
Where can you set the Shazzam batch size? ✔✔In the Discovery Schedule.
What is the default batch size for Shazzam? ✔✔ 5000
When NOT to use MID server clusters? ✔✔For performance and reliability reasons, these data sources should not be used with MID Server clusters. These external data sources should only be used with dedicated MID Servers.
1. LDAP
- Export sets
- JDBC data sources
When can a MID server specifically cause duplicate data? ✔✔If a MID Server in a cluster fails, the fail-over MID Server starts over at the beginning of the ECC queue task even if much of the information from the JDBC data source was already returned. This can result in duplicate data.
What are MID Server Capabilities? ✔✔MID Server capabilities define the specific functions of a MID Server within an IP address range.
Several applications, such as Discovery, Service Mapping, Cloud Management, and Orchestration can use capabilities, IP ranges, and MID Server selection to narrow the pool of MID Servers the applications need.
What MID Server Capabilities are available by default? ✔✔All
Cloud Management
Nmap
PowerShell
Resolve DNS
REST
SNMP
SOAP
SSH
VMware
WMI
Where can you validate Discovery results? ✔✔1. Accessing the ECC queue
- Analyzing the XML payload
- Checking the Discovery log
What are some high level Discovery troubleshooting areas? ✔✔1. Connectivity
- Permissions
- Configuration
- Probes, Sensors, Process Classifiers
Under which account does the MID server run? ✔✔Local Admin Account
If there are no working credentials for a device, which credentials are used? ✔✔MID Server Service Account
Credentials for SSH are for? ✔✔Unix/Linux
Credentials for SNMP are for? ✔✔Network/Printer Devices
Credentials for Windows are for? ✔✔Windows Devices
Credentials for VMWare vCenter are for? ✔✔VMware vCenter
Credentials for CIM are for? ✔✔CIM servers based on the Common Information Model
Credentials for AWS are for? ✔✔Amazon EC2 Web Services
Where are credentials stored? ✔✔On the instance in the Credentials table.
How does the MID Server use stored credentials? ✔✔The platform stores credentials in an encrypted field on the Credentials [discovery_credentials] table. Once they are entered, they cannot be viewed.
When credentials are requested by the MID Server, the platform decrypts the credentials using the following process:
- Decrypted on the instance with the password2 fixed key.
- Re-encrypted on the instance with the MID Server's public key.
- Encrypted on the load balancer with SSL.
- Decrypted on the MID Server with SSL.
- Decrypted on the MID Server with the MID Server's private key.
What MID Server Parameter enables automatically falling back to MID Server service credentials if all other credentials fail? ✔✔mid.powershell.local_mid_service_credential_fallback
Type: true | false
Default value: true
What privileges are needed for SSH? ✔✔root or sudo
What parameter needs to be set to use sudo? ✔✔must_sudo = true
How can sudo be configured? ✔✔/etc/sudoers file using the visudo command
How can you test SSH credentials? ✔✔From MID server using PuTTY
Which table is used to view the Device History? ✔✔discovery_device_history
What needs to be enabled to use external storage credentials? ✔✔Discovery External Credential Storage Plugin
What are the requirements for discovering SQL Server? ✔✔MID Server
- Install .Net 3.5 and 4 from Microsoft
- Install Microsoft SQL Server management lib (SMO)
- Install PowerShell v2.0 or above
Microsoft SQL Server Host
- Remote Registry Service running
- Add Windows user to proper SQL roles
What credentials are needed to discover VMware? ✔✔1. Windows or Linux credentials: Allows Discovery to access the host on which the vCenter server runs.
- vCenter credentials: Allows a vCenter probe to explore a vCenter server.
What are CIM credentials are used for? ✔✔Probe CIM servers to discover storage such as; DAS, NAS and SAN.
What is Functionality Definition? ✔✔Defines which protocols to detect.
How to use a behavior in Discovery schedule? ✔✔Drop down on the field, "MID Server selection method" on the Discovery Schedule and select: Use Behavior
What is the default protocol used when classifying in Shazzam probe? ✔✔Windows Management Instrumentation (WMI)
What does the Queue column in the ECC indicate? ✔✔Value = Input --> Sensor
Value = Output --> Probe
Each record is essentially a message from the instance and another system, classified as output, or a message from the external system to the instance, classified as input. ECC queue records provide you with a connected flow of probe and sensor activity, as well as the actual XML payload that is sent to or from an instance.
What can you find in the Shazzam XML Payload? ✔✔1. IP address
- Ports open/refused
- Banners
- Host names
What is a Discovery Pattern? ✔✔A pattern is a series of operations that tell Discovery which CIs to find on your network, what credentials to use, and what tables to populate in the CMDB.
A pattern performs the same function as a probe: it identifies and explores a target CI. Discovery uses patterns only during the last two phases of discovery: Identification and Exploration.
What is kept at Discovery Definition > CI Classification? ✔✔The ability to create CI Classification. A CI Classification allows Discovery to discover most common operating systems, network devices, and processes.
If no data is returned on Port Scan Phase. What could be a reason? ✔✔Connectivity:
Firewalls prevent connection
IP ranges not correctly defined
Incorrect Behavior deployed (SSH only used on Window)
Classification:
What is Reconciliation? ✔✔Reconciliation rules specify which data sources can update a table or a set of table attributes.
Ensure that there is a reconciliation rule for each data source that is authorized to update an attribute - multiple reconciliation rules can exist for the same set of attributes.
How are Datasource Precedences used? ✔✔If multiple data sources are authorized to update the same table or the same table attributes in the CMDB, assign a priority to each of these data sources to prevent them from overwriting each other's updates.
After an attribute is updated by an authorized data source, any subsequent updates are accepted only from the same data source or from a data source with a higher priority. Updates from a data source with a lower priority are rejected. Without data source precedence rules, data sources can overwrite each other's modifications.
Which Encryption ServiceNow uses to store credential in Discover_credential table? ✔✔3 DES Encryption
What is MID Server default thread limit? ✔✔ 25
Custom parsing strategies are? ✔✔JavaScript
Parsing strategies are part of discovery patterns, which Service Mapping and Discovery use to discover and map configuration items (CIs).
Where can you find what classifiers were used and in which order? ✔✔Node Log File Browser
What can you set in Discovery Configuration Console? ✔✔What kind of CIs and CI information you want to discover.
By default, Discovery finds all the information on your network that is specified in probes and patterns. Use the controls in this console to select the data Discovery adds to the CMDB that your organization needs.
You can control these aspects of Discovery:
- Entire CI types, such as Windows servers.
- Specific CI details, such as OS information.
- Software packages containing keyword terms that you add, such as Hotfix or Security Update.
What to check when trouble shooting Exploration Phase and XML payload does not show up on form? ✔✔Custom probe or sensor is not scripted correctly.
Input error records are not uncommon, especially when Discovery is using custom probes and sensors. Input errors usually mean that the system could not parse the XML data returned with the sensor script.
What will be created if duplicated CI are found? ✔✔De-duplication Task (under Identification/Reconciliation)
If the instance encounters duplicate CIs in the identification and reconciliation process, it does not update or insert the CI. Instead, the instance groups each set of duplicate CIs into a de- duplication task for review. Use de-duplication tasks to track the duplicate CIs until they can be resolved.
On what port does SSH run? ✔✔ 22
On what port does WMI run? ✔✔ 135
On what port does SNMP run? ✔✔ 161
What ways can you validate permissions from a MID Server? ✔✔1. PuTTy for SSH
- WBEMTest for WMI
- iReasoning MIB browser for SNMP
MID Servers in the same cluster should have same capabilities? ✔✔True
How many CI Identifier can we have per CI class? ✔✔ 1
How many CI Identifier entries can we have per CI Identifier? ✔✔No Restriction
In Discovery, which one of the following causes a pattern to fail during discovery? ✔✔No pattern attached to a classification
Which one of the following Discovery phases is the error "No credentials would authenticate, tried" found on? ✔✔Classification
