A Testing Horror Movie

Written by David Foster, CEO of Caveon

There is a funny television commercial where a group of friends is running from an unseen danger, seeking a place to hide. They make several panicked suggestions to each other including hiding in an attic and a basement. They finally decide to hide behind a wall of chainsaws. The point was that in a horror movie you make poor decisions.

For a high-stakes testing program, the number and variety of test security threats would rival any horror movie, and the potential and actual damage can keep you up at night. In the light of day, it makes sense to be aware of those threats—and what to do about them—in order to make better decisions than the group in the commercial.

For years now I’ve talked about using a threat-based approach to security, eventually producing a list of 12 test security threat categories, divided equally between cheating and theft. In its simplest form, here is the list:

Cheating Threats

  • Using Pre-Knowledge of Test Questions
  • Using a Proxy Test Taker
  • Getting Help During the Test
  • Using Cheating Aids
  • Tampering with Scores after the Test
  • Copying from Another Person During the Test

Theft Threats

  • Capturing Downloaded Test Files on a Server or Stealing Test Booklets
  • Photographing Test Content During the Exam
  • Copying the Test Content Electronically
  • Memorizing the Test
  • Recording the Content Orally on a Recorder
  • Receiving the Test Content from a Testing Program Insider

For each of these there are dozens, or maybe even hundreds, of different ways the threat can be carried out.

By reviewing this list, a program can evaluate which threats pose the greatest danger or risk. The program can then put in place a carefully-crafted solution to prevent a possible breach or deter an attacker. It can set up a defense in order to better detect the beginnings of a breach or to mitigate any potential damage.

There are several reasons why avoidable test security breaches occur. Some testing programs will be surprised by a breach, and then be focused for months and years on future solutions for that specific breach, ignoring other dangers. A program may rely on a single security solution, such as requiring proctoring for their exam, not realizing that there are many threats to the security of a program that a proctor cannot detect or do anything about. Programs may not be aware how technology is being used today to cheat or to steal a program’s tests. Or a program is simply not funded adequately to protect the tests and usefulness of the test scores. These programs are living in a real horror movie with no control over the ending.

The good news is that great decisions can be made; risks of cheating and test piracy can be eliminated or mitigated. Good solutions are available. There is no reason to be in a horror movie to begin with or to stay there any longer than is necessary.

The CompTIA A+ 900 Series: What’s New

By: Robin Abernathy, Content Developer for Kaplan IT

It’s that time again! CompTIA has released a new version of the A+ certification by rolling out the 220-901 and 220-902 exams on December 15. The 220-801 and 220-802 exams are still available, but will retire June 30, 2016 in the United States. This deadline should give you enough time to finish studying for the 800 series if you have already taken one test, because you cannot mix and match exam versions. If you pass the 220-801 or 220-802 exam, you must pass the other 800-series exam to obtain your A+. If you pass the 220-901 or 220-902 exam, you must take the other 900-series exam to obtain the A+.

Once again, with a new release, we see another small shift in the structure and topic coverage of the two exams. Years ago (and I am going to date myself here), the two exams were referred to as a Hardware exam and a Software exam. While I think the topic coverage is moving in this direction again, CompTIA is NOT referring to them in these terms, and all documentation from CompTIA will refer to them as 220-901 and 220-902. Broadly, though, I think of the tests as “hardware and networking” and “software and security.”

For the 220-901 exam, you will be expected to understand installing, configuring, and troubleshooting desktop, laptop, mobile device, and printer hardware, as well as basic networking topics. The breakdown of the exam’s topics is as follows:

o    Hardware – 34%

o    Networking – 21%

o    Mobile Devices – 17%

o    Hardware & Network Troubleshooting – 28%

For the 220-902 exam, you will be expected to understand installing, configuring, and troubleshooting Windows Vista, Windows 7, Windows 8, Windows 8.1, Mac OS, Linux, and mobile device operating systems. (Notice that Windows 10 is NOT included in this list.) It includes virtualization, cloud, and server technologies. It also covers security, including security devices and configuring and troubleshooting security components. Finally, it covers those soft skills and operational procedures required by the IT technician. The breakdown of the exam’s topics is as follows:

o    Windows Operating System – 29%

o    Other Operating Systems & Technologies – 12%

o    Security – 22%

o    Software Troubleshooting – 24%

o    Operational Procedures – 13%

When the 800-series A+ was released back in 2012, many test candidates decided to knock out both exams on the same day because there was so much overlap between the topics being covered. For those exams, this was probably a good strategy. But with the 900-series exams, the structure has changed enough that I would suggest that you prepare to take them separately, NOT on the same day. As you can see from the topic listings above, there is hardly any overlap between the two exams.

CompTIA has launched a new CompTIA Instructor Network (CIN), which I encourage all CompTIA instructors to join. It’s as easy as going here to sign up. It is a great way to network with other instructors. Recently, they started a Deep Dive series of webinars on the new A+ exams! To access the A+ Deep Dive series, go here.

Watch for my upcoming posts!