Ask the Expert

Ensuring integrity of online cert exams

I see that the SANS security certification exam can be taken at home over the Internet. This is indeed convenient. However, how does SANS ensure that it is the candidate who is answering the questions and without help from "friends." I want to take this exam but am worried that certification won't be regarded too highly because of this. Your insight on this will be very useful.


    Requires Free Membership to View

The question of "exam integrity" strikes right to the heart of the issue and is a primary motivator for many companies like Microsoft, Novell, Cisco and numerous others who require candidates to take their exams at Prometric or VUE testing centers under supervision, or like other security certifications (CISSP, CCP, etc.) offer their exams in proctored situations only at specific times and locations.

There are several ways to respond to your query:

  • Some exam providers elect to trust candidates and give them the option to "cheat" in unsupervised circumstances. The types of exams delivered in such circumstances, however, tend to be much more difficult and demanding than those given under more controlled circumstances. I believe the idea is to so overload a candidate with material, that unless the candidate is familiar and comfortable with that material, all the help (and extra materials) in the world won't enable them to complete the exam successfully anyway.

  • Nearly every certification program in general, and every security certification program I know of, includes a "Code of Ethics" as part of its requirements for would-be certificants. Item # 1 in the SANS NDA and Code of Ethics reads as follows:

    "1. I understand that the requirements for GIAC certification must be completed in full by me and me alone as the certification candidate. I further understand that all work submitted must be my own, and not developed by or in conjunction with other individuals or GIAC candidates. I declare that all of my work is original, and where I may have referenced the work of others, that work is clearly identified, credited, and used with appropriate permission."

    So, if somebody cheats or works with others, they are in violation of the code. If they get caught, they lose their certification.

    While it's true that not many certification programs work this way, I do not think this approach reflects negatively on the SANS credentials. I have not heard or read about them being questioned on the bases of fairness, accuracy or integrity anywhere in the media or newsgroups that I follow, either.

    If you're interested in SANS certification, don't let this characteristic stop you from pursuing those interests.


    For more information on this topic, visit these other searchSecurity resources:
    Best Web Links: Infosec Training, Careers and Events
    Executive Security Briefing: Revisiting the security certification landscape
    Featured Topic: Security certifications


    This was first published in February 2002

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: