A camera could be hidden amongst other objects on a shelf, pointing at the computer screen.
Screen recording or sharing software not detected by the proctoring program could be used; this has already been done for OSCP.
In addition to leaking questions, the candidate could be facing a window or door, or electronic picture display, allowing an accomplice who's following the test (as above) to hold up signs giving hints.
> gidyn (Newcomer III) posted a new topic in Exams on 01-12-2021 02:28 AM in the
> ISC2 are running a trial for remote testing.
Oh, this is an absolutely fabulous exercise! Not the remote testing: the opportunity to do a risk analysis on this hugely threat-filled idea.
I mean, it's not just the security of the test bank items, although that's a whole field of study in itself.
We'll leave the preparation of the exam, since that is already happening, and so must have been considered.
The next step is the choice of site. Is it selected from sites provided? Provided by whom? How do we trust the provider? What restrictions or controls do we need at the site? Is the site proctored or not? How do we trust and/or choose the proctors?
Then there is delivery of the exam to the site. Is it delivered digitally, or physically? Is it delivered as one exam, or as individual questions?
Then the process of sitting the exam at the site. Then the delivery and/or marking of answers.