4 levels of security for administering digital tests and exams

2 August 2022
Colourful illustration of a young student taking an online exam on his laptop. To his right are four locks numbered 1 to 4.

When conducting digital or online exams, what should you pay attention to as a school or institution? And how do you prevent a candidate from accessing non-permitted aids and resources during their exam? These are the 4 different levels of security and measures educational institutions can take to ensure a pure exam administration.

Educational institutions are directly responsible for the secure administration of digital or online exams. This offers vocational schools, colleges and universities a great deal of freedom to make their own choices. But it also presents challenges. When conducting digital exams, what should you pay attention to as an institution? And how do you prevent a candidate from accessing non-permitted aids and resources during their exam?

In this article, we explain 4 different levels of security and the measures you can take to ensure a pure exam administration.


Create a secure digital exam environment

There are several options to secure online exams. For example, a lockdown browser can prevent a student from opening other tabs, using chat programs or taking screenshots during their test. It’s a simple solution that doesn’t require any special technical skills. Plus, it makes digital exams more transparent and fair while minimizing distractions. 

But what if a clever student uses a third-party tool to take screenshots every five seconds? A simple (open source) lockdown browser won’t be able to prevent this. That’s because these types of cheating tools run at a deeper layer of the operating system. 

In other words, if you want to adequately seal off the devices and software used during an exam, you will need additional security measures. After all, the more control you have over a user’s device and operating system, the more opportunities you have to truly ensure fairness.


Get a grip on hardware and software

What complicates matters is the fact that while in some cases user devices are managed, in other cases they’re not. When system administrators lack control over student devices (BYOD), security options are more limited. In such cases students may have to self-install exam software even though their device may be unsuitable for it. Besides, the software can be modified so that exam tools and security measures don’t work as they should – often without your knowing. 

On top of that, it makes a difference whether the device runs in an Apple, Chrome or Windows environment, and whether it’s a Chromebook, MacBook or laptop. Just like some browsers cannot be locked while others can, using many different (unmanaged) devices during an exam will result in uneven exam conditions.

To make it even more complex: it’s not just the browser, the operating system and the device type that matter. Version numbers, updates (iOS) and even serial numbers are important. It’s very well possible that a security measure set on one version of a device doesn’t work on another version. The device itself might be outdated or, for example, run on an old version of iOS. In this case, updates are no longer performed and it is therefore questionable whether the exam program will work properly (or at all).


Decide on the right level of security

To avoid hassle during digital tests and exams, it’s best to work with managed devices. That way you’re unlikely to encounter any surprises. Of course it’s also important to weigh  the purpose and importance of the test against the measures to be taken, as well as the budget and the existing knowledge of the users. The overview below will help you choose the right solution based on different levels of security, taking into account your own preferences and requirements.



Level 1: Full-screen mode (F11)

A frequently used security measure is the so-called full-screen mode. A fixed key combination maximizes the browser and restricts the view to the area below the taskbar. As a result, the candidate won’t be able to see or use any other tabs. In principle, this option is available for all devices and systems. As long as you are properly supervising a class or limit the number of candidates, this can be a great solution. Full-screen mode can also be a good solution for tests of lesser (summative) importance or impact. 

Unfortunately, the full-screen option can be easily bypassed by various key combinations. In many cases, simply pressing the Escape key will do the trick. The candidate can then open other tabs or chat with peers. Plus, full-screen mode doesn’t prevent screenshots from being taken, and clever students could communicate with the device via a Bluetooth headset or phone. In short: it’s a simple solution, but far from secure and definitely unsuitable for high-stakes exams.

Some exam software providers offer teachers the additional option of seeing retroactively, or even in real time, whether students have used the Escape key. Such an alert can then be immediately clarified with the candidate in question while they are still in the exam room. But what if it’s a typo or a problem with the Internet connection, device or browser? Immediately accusing a candidate of cheating is neither fair nor advisable.


Level 2: Lockdown browser

A lockdown browser operates in full-screen mode and cannot be minimized. Unlike the default full-screen option (level 1), users cannot open a new tab or visit other websites. Certain keyboard functions, key combinations, and mouse menus are disabled (e.g., printing, copy and paste, switching between tasks). 

A lockdown browser, such as Safe Exam Browser, always needs to be downloaded and installed, and therefore has more impact on the device and the agreements you need to make about it. Installing programs on outdated and/or unmanaged devices can cause tedious problems. Another thing to keep in mind is that a lockdown browser will not work on all operating systems, including Chromebooks and Chrome OS. There may be workarounds (such as an application or extension), but it won’t be easy.

It should also be remembered that a user agreement must be drawn up, because using a lockdown browser means sharing data. With an open source solution such as the Safe Exam Browser or ‘free’ products, this is a particularly important point to consider carefully. For example, consult parties that have signed the Privacy Covenant or inquire in a timely manner which underlying parties are involved and what agreements the controller has with the subcontractor.    

Finally, a browser solution using open source technology is not recommended for high-stakes testing. While a lockdown browser is a protected environment that belongs to level 2 in terms of security, sneaky programs can still run unnoticed. Moreover, browser security can always be circumvented with a bit of creativity. For example, there are plenty of “Safe Exam Browser Hacks” on YouTube, and articles on how to bypass a lockdown browser are at everyone’s fingertips.


Level 3: Online proctoring

Remote or hybrid tests and exams, or online exams without direct supervision, are increasingly common. On top of the lockdown browser (level 2), there are also solutions available that completely take over the candidate’s device. Online proctoring means that in addition to securing the browser, a remote invigilator can watch and listen to the candidate, whether or not automatically. This is a far-reaching measure, but one that is permitted by the courts in the Netherlands, for example, provided a number of preconditions are met and the purpose is described. 

After the exam, it’s possible to check in the test provider’s system whether any irregularities have occurred. Through the candidate’s camera, chattering or moving candidates and uninvited guests can be easily spotted. During the period of home education, online proctoring proved to be a useful solution for colleges and universities to still be able to test their students, but was later quickly abandoned. 

With online proctoring, different techniques come together – even artificial intelligence (AI). Sometimes it’s even possible to tell whether candidates are engaging in specific cheating behaviors during their test, for example when multiple-choice answers are completed in a matter of minutes. In terms of student privacy, online proctoring is not recommended. Also, it’s technically complex as it places high demands on the candidate’s device.


Level 4: Kiosk mode

A fourth option for administering secure digital exams is the so-called kiosk mode. Kiosk software encloses the entire Windows or Chrome device and ensures that all running applications (whether superficial or deep/hidden) are locked out. Keyboard shortcuts, installed applications and any preferences set can no longer be used. It’s also no longer possible to take screenshots and plugins are disabled. 

A device can be launched into kiosk mode in several ways. System administrators can do the setup, but there are also USB sticks and programs available that install a Linux-like environment to create a stand-alone exam environment. Again, this must be set up by a system administrator. 

The difference between managed and unmanaged devices is important here. In the case of an unmanaged device, the candidate should always check that the exam tool is still working prior to taking the test. Moreover, installing a kiosk solution on unmanaged Chromebooks is as yet anything but simple. The phasing out of ChromeApps and the introduction of progressive web apps will not make this any easier.

For high-stakes exams, BYOD is not a desirable option. Firstly, it can cause additional stress for the candidate and means that the exam setup partly depends on the candidate’s device (battery, functionality, etc.). Plus, institutions that administer exams with the help of external invigilators must ensure proper instruction, as candidates might resort to tricks to avoid taking an exam. For example, setting up 2-factor authentication when “rebooting” and starting up the device. In this case, the candidate will be unable to proceed. 

In short, a fully managed device  – including a set of replacement devices – with kiosk mode is the better option when administering high-stakes tests and exams. 



As an educational institution, you have several options and responsibilities when it comes to (high-stakes) testing. The levels outlined above can provide guidance. Especially now that there are many vendors and solutions on the market, all of which work differently and can in some cases lead to worse rather than improved situations. These solutions range from open source to platform independent. From managed to unmanaged. From a little secure, to super secure. 

Our advice: for important tests and exams, opt for the highest possible level of security possible. Make sure candidates are familiar with the exam environment prior to the test and, if possible, use managed devices that they have already become familiar with in class. After all, familiarity with the device and environment is crucial to a reliable score. 

Do you have questions or are you looking for a suitable solution for your school? Then please contact us at – our experts will be happy to help you with advice on your situation.


Found this helpful? Follow us on your favorite social channel(s) to get many more useful COOL tips and insights about digital and hybrid learning:


LinkedIn   Instagram   Facebook   YouTube



💡 Want to know how COOL can help you manage your digital classroom with ease? Discover all the different ways your COOL virtual teaching assistant saves you valuable time and energy.