Problem solve Get help with specific problems with your technologies, process and projects.

What is the best way to administer exams to students via computer?

Security pro Mike Rothman discuses the risks associated with implementing computer examinations and offers tips on the best ways to securely offer these types of tests.

I work for a university that is considering having students take examinations on computers. One option is to have lecturers create exams as Microsoft Word files that are uploaded to an HTTPS server and then downloaded in public computer labs, where the students take the exams. Completed exams are uploaded to the HTTPS server. The other option is to have lecturers convert exams to PDF files and upload them to the HTTPS site; the PDFs are downloaded and printed out and students do their exams by hand. Completed exams are scanned and uploaded back to the HTTPS site. It seems obvious to me that excluding the labs from the process would reduce risk considerably. What's your view?
The first issue that jumps out at me is authentication. It's not clear from your brief description how you plan to make sure that the right student is actually the one submitting the document. In the case of the Word file, there is really no way to enforce that, unless some kind of digital signature system is enforced to "sign" the paper as it's submitted.

The case of the uploaded PDFs provides a bit more integrity in the system because handwriting can be verified. I would suggest taking a step back and finding out what the business need is for the students to submit the tests online. Is this a distance learning environment? Is there an issue with using paper? I guess I'm dating myself, but the processes as described seems to be a solution looking for a problem, which isn't clear from your question.

There are many educational learning systems available today that would allow students to take tests online. Filling out questions, either multiple choice or essay and having the data deposited into a database for grading, etc., would be a better option than the kluge that you described.

In terms of the public computer labs, I'm not sure how you would restrict access. In a university setting, students need to be able to access the systems from anywhere on campus. Are you suggesting that they can only take the tests, or upload the files from a central place? Again, that would seem to defeat the purpose of the automation in the first place.

That's why I'll go back to the first statement I made about authentication. If you have the proper way to verify identity, then where the students access the system or upload files doesn't really matter.

For more information:

  • In this tip, Noah Schiffman discusses the positive and negative aspects of both IP-based and signature-based email authentication.
  • Joel Dubin explains why identity-enabled network devices offer an extra layer of authentication.
  • This was last published in January 2008

    Dig Deeper on Two-factor and multifactor authentication strategies

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.