That process can present an expensive challenge, however, because organized theft rings can compromise entire tests within three to five weeks of when they're first released, while most IT certification exams are refreshed every 12 to 15 months, Addicott says.
Kainraith admits that's a problem, but he thinks that questions take a bit longer to appear on brain-dump sites, and says CompTIA replaces tests at a rapid pace. "We're able to churn our items a lot faster than 12 to 15 months," he says, although he declined to say how fast.
While CompTIA has the scale and resources to turn over its test questions more quickly, smaller IT certification programs are more limited because the cost of building and maintaining tests ranges from hundreds of dollars per question to thousands of dollars per test item, according to Caveon.
Countermeasures: Tripping up the cheats
Catching cheaters has become its own science. "More candidates are sharing knowledge than we've seen in the past," says Kainrath. But both test centers and IT certification owners have ways of figuring out who's using stolen and shared test data, as well as who might be coming in to steal it.
In addition to using live proctors, Microsoft and others are moving toward online proctoring, which combines the use of a video camera with a live feed of the test taker's screen. While an online proctor is limited by what he can see on a video camera, it's easier to take immediate action against cheaters, Grieve says. Because they can look for suspicious activity at the question level, online proctors can identify cheating sooner and end the test before the candidate can see -- and possibly compromise -- the rest of the exam content.
Test centers also have ways to tell if candidates have been memorizing stolen test questions and answers or sharing knowledge in chat rooms. "We leverage several different publication strategies and question types designed specifically to address cheating," Grieve says.
While Grieve declined to provide details, Addicott says some of the more basic anomalies include people who perform at "superhuman speeds" on the exam or who perform well on items that have been on the test a long time while scoring poorly on newer items -- an indicator that the individual may have memorized stolen test content.
Some IT certification exams also catch people who have memorized stolen test data by including "Trojan Horse" questions that deliberately include the wrong answer in the official answer keys. These questions don't count toward the candidate's overall score, but if the test taker answers a predetermined number of such questions with the incorrect answers listed in the answer key it's assumed that they used stolen information and the test is automatically invalidated, says Addicott.
Certification programs may also use different test designs in an attempt to thwart cheaters who have memorized test questions and answers. These include scrambling the order of questions on any given exam, randomizing the order of answers to multiple-choice questions, having a pool of questions from which to choose from for each test item and giving different candidates in the same test center entirely different versions of the test.