This feature first appeared in the Spring 2022 issue of Certification Magazine. Click here to get your own print or digital copy.

In my decades of experience inside the information technology (IT) certification sphere, I have found that the vast majority of IT professionals who participate in certification programs are honest individuals. Certification exams are intense, expensive, and difficult, however, and sometimes exam candidates do attempt to bend or break the rules to ensure a favorable outcome.

Cheating happens. And when it does, for a variety of reasons, almost everyone connected to an IT certification program — including exam candidates who legitimately succeed through study and preparation — comes off a little bit worse for the wear. Any certification program owner needs to ensure those who earn credentials by the rules are protected from those who do not.

Of course, there are both personal and professional ramifications for cheating on a certification exam. Losing a job is one potential outcome. Being banned from a certification program is another. If someone has passed an exam due to cheating, then they are unlikely to be able to perform in the workplace.

The ‘integrity of the field’

One of the most important responsibilities of any certification program owner is to protect the integrity of the field. That term comes to us from golf, where playing by the rules is considered a fundamental and integral element of the sport.

I was involved in the first IT Certification Security Council, in operation from 2001 to 2004, where we focused on catching exam cheats. I worked with our company’s legal team to draft Program Rules which were shared with other members.

In essence, the Program Rules define what it takes to participate, and a violation of those rules can lead to the stripping of a credential, invalidating an exam result, and banishment from the program. Potential violations include the sharing or publishing of exam questions, which are the intellectual property of a certification program. This can lead to legal action.

The sharing of the exam questions weakens the credential and hurts those who have passed. Sometimes you will see an IT community site discussing certification exam questions. As long as specific details are not shared, this is permissible. Likewise, giving advice about where and how to study for an exam is OK. Exams will often have a study guide, which can help guide such discussions, or provide study focus.

The sense of achievement that comes from gaining a valued certification is real, and it gives people more confidence at their own jobs. Self-motivated people with this mindset are valued by one and all, especially recruiters and hiring managers. Get a certification the right way, and good things will happen. As Shakespeare put it, “Truth will out.”

The big shift

Over time, my thinking about certification cheaters has changed. In 2022, I think it’s less important to catch exam cheaters in the act, and more important to deflect cheating before it can happen. Making it harder to cheat in the first place is a far more effective use of time — and far more impactful when it comes to stopping cheaters.

Most exams still have guardrails in place to catch cheaters in the act. If certification exams are properly designed and developed, however, then exam cheating becomes a minor issue. Advances in test delivery technology have also made it harder to cheat. COVID has actually benefitted the certification industry in this regard, by speeding up the development of airtight exam delivery.

The best way to combat exam cheaters, though, is in the design of the exam. This means creating scenario-based questions. These are much harder to create, but also substantially harder to cheat on. One cannot effectively memorize them and — combined with the randomized order of the questions as well as the answers — this makes life very difficult for the cheater.

Scenario-based questions are also a better gauge of how well the exam candidate knows the exam subject matter. They call for critical thinking. One cannot guess his or her way through a list of scenario-based questions. Even if someone did get a copy of a scenario-based question before sitting for an exam, choosing the correct answer requires critical thinking, not recall.

These scenario-based questions are a key subset of multiple choice, multiple option exam items. When an exam is properly designed, with a sufficient number of questions to effectively gauge skills and knowledge — 60 is my preference — certification programs have a more than effective means of determining whether exam candidates are job-ready.

Anyone who thinks an exam built out of scenario-based questions is easy to pass has probably never attempted an exam designed this way. Also, a scenario-based exam can scale up or down easily. The return on investment for scenario-based questions is far greater than for more complex performance-based exam items. They cost less to produce, maintain, and deliver.

Cost, if we’re being honest, is why most companies and programs offer simple (and highly cheating-susceptible) multiple-choice exams. While cheating becomes a lesser issue by creating scenario-based exams, exam security guardrails can be and are used. What are some of the guardrails?

Scoring Irregularities: Exam results that fall outside normal parameters are often indicative of cheating (high score) or test item theft (low score). Most test administrators automatically flag an unusually low or high score.

Timing Irregularities: This can also be indicative that an exam candidate is attempting to steal test items. Someone who either clicks through each item in a very short amount of time, or who takes an unusual amount of time on one item, can also attract attention from test proctors.

Testing Center Irregularities: Testing centers themselves can be an issue. I once got a call from a test taker saying that several people were in a room talking over the test answers. All were expelled and the test center shut down.

Location Irregularities: Countries that become known for test item theft, or for consistent cheating, can be shut down entirely. For exam-ready servicemembers in those countries, special arrangements can be made, including having a test center at a military base.

Online remote proctored testing

Online remote testing is in wide use today largely because of the ongoing global COVID-19 pandemic. I became a huge fan of online proctored testing several years ago, once I committed to creating scenario-based exams.

Online test proctors also have guidelines to follow and can stop a test. Some of these are obvious like a person leaving the room, or another person being spotted in the room. There are also patterns being looked at, like a person continuously looking away from the computer screen. Speaking out loud is not allowed. I have seen someone caught with a second person in the room because of a reflection or shadow.

Test takers are asked by the proctor to show the room with the camera before the test begins. Those who refuse to comply properly generally are not allowed to proceed. Once a person is flagged, we look at known associates for similar transgressions — which, lo and behold, are quite often found.

As with other certification exam scenarios, cheating on online proctored exams is rare. I emphasize that a very small minority is responsible for a very large problem. The widespread use of digital badging to deliver certifications is another innovation that is helping to solve a thorny issue. It’s much easier for a certification program to revoke or eliminate a digital badge that to wipe away a paper trail.

Consequences for cheaters

The consequences for those who are caught cheating can be severe. In the past, I have stripped passing candidates of their credentials because of cheating violations and banned them from further interaction with the certification program. If a person on the inside of a certification program is violating the rules, like by sharing test questions, that is grounds for termination.

If a cheater is banned from a program, a partner company or a manager may want to know why. A video of the test taker is often shared to provide verification. Such a video can follow around an individual found to have cheated, an indirect detrimental effect. This goes back to integrity: Does a company want someone who cheated to pass a professional skills and knowledge test? Not likely.

As Berkshire-Hathaway founder Warren Buffett once said: “You're looking for three things, generally, in a person: Intelligence, energy, and integrity. … I tell them, 'Everyone here has intelligence and energy —(they) wouldn't be here otherwise. But the integrity is up to you.”

Sometimes an individual will unintentionally bend the rules with good intentions, while others cross the line without hesitation. Don’t count on confusion or having meant well to save you. Certification program rules are almost universally carefully spelled out and test takers agree to them when taking the exam.

Exam cheat sites

As noted above, sharing certification exam questions and answers is not allowed under any circumstances. A person who shares test content, whether an exam candidate or a certification program employee, is typically expelled from the compromised certification program and permanently banned from future participation. Which raises the question of test cheat sites and how to combat them.

A simple search of any certification exam title typically results in a mix of legitimate exam-connected sites and information about where and how to cheat. Cease-and-desist letters, followed by either threatened or real legal action, can often shut down such sites. Frequent exam updates will also lead to the test cheat sites falling behind, causing them to dry up on account of unhappy customers.

Some certification programs will even insert a Trojan horse exam item, purposely having an obvious wrong answer scored as a correct answer. In such a case, the only individuals who generally answer the question “correctly” are those using test cheat sites. Such individuals are flagged, tagged, and bagged.

Certification programs can also insert verification requirements at other stages of the testing process to trip up cheaters. For example, many programs will mandate that a certification exam can only be taken using a randomly generated voucher code that can only be purchased from the certification provider. Programs can also heighten security by offering exams only at a company facility or conference.

Odds and ends

There will always be individuals and shady organizations that think they can game the system by capturing exam questions. Scenario-based questions are the most effective defense against exam item theft. Even if an exam item is stolen, it’s much more difficult for cheaters to make heads or tails of what the answer should be.

Not all exams are created equal, and some are more susceptible to cheating than others for reasons unrelated to exam security. Many years ago, I had a conversation with an individual who ran an English equivalency exam and they believed it was the most cheated-on exam in the world. The exam was essentially a checkbox for people to achieve for many different reasons.

It is one thing to earn a credential for essentially a checkbox activity, it is quite another if someone will be working with sensitive data. The stakes go up, hence the reason we refer to professional IT certification exams monitored by a proctor as “high-stakes” exams.

Low-stakes exam are unproctored and can even be used as a tool to teach while testing. In fact, cheating or talking amongst a team to come to the correct answer is encouraged. There is still quite a lot of effort to create and administer these types of exams, but they can serve a purpose.

For remote online proctored exams, the best deterrent is a live real-time proctor, one who can stop an exam in progress. Programs that tape exams and then review the exam tape later have already let the candidate complete the exam — which can leave the entire exam exposed to someone who is attempting to steal exam items.

Some programs will not immediately issue a credential when a candidate achieves a passing a score until the exam results have been thoroughly reviewed. Including such a review period in the overall certification process can be an important guardrail against cheaters. This of course will delay the issuing of a credential, but exam candidates who go in expecting such a delay are unlikely to be dissatisfied.

The importance of proper exam preparation

For exam candidates, there’s no reason that cheating should even become a temptation. One of the best deterrents is to properly prepare. Plan your exam preparation window in advance to allow ample time for study, training, and review.

Most certification programs either directly provide or recommend training materials. Hands-on experience is also important to success — labs and other “sandbox” environments can help. Review the exam study guide to see what to focus on. Study groups using the study guides are a great way to learn. Having a mentor or experienced professional conduct these study groups will be very beneficial to success.

Don’t be afraid of failure. Some exam candidates even take an exam knowing they are not likely to succeed, just to get the lay of the land. Reviewing the results of a failed exam attempt can give a clear indication of where to focus future study efforts to ensure a better result on the retake.

When taking an exam, leave the longer scenario-based questions to the end of the exam. Trust your instincts. Do not overthink the material: The obvious answer is most likely the correct one. Be proud of your credential and understand that certification programs want you to succeed — the right way. When credentials are deservedly earned, everyone benefits.

‍