Vendor Certification NDA Policies Explained

What IT certification exam NDAs require, which actions are prohibited, how vendors detect violations, and what penalties look like across CompTIA, Cisco, AWS, and Microsoft.

What do you agree to when you sign a certification exam NDA?

When you sign a certification exam NDA (non-disclosure agreement), you agree not to share, reproduce, discuss, or distribute exam questions, answer choices, or specific exam content after the exam. This includes online forums, social media, and private messages. The agreement typically prohibits using "unauthorized preparation materials" that include actual exam questions. Violations can result in score cancellation, certification revocation, and bans from future exams.


Every major IT and professional certification exam requires candidates to agree to a non-disclosure agreement before entering the testing center or beginning an online proctored session. Many candidates click through this agreement without reading it carefully, leading to misunderstandings about what is and is not permitted after an exam.

Understanding what you agree to -- and what vendors can actually enforce -- is essential for every certification candidate.


What NDA Agreements Typically Cover

While specific language varies by vendor, certification exam NDAs typically prohibit:

| Prohibited Action | Examples |
| Sharing specific exam questions | Posting questions on forums, social media, or messaging apps |
| Sharing answer choices | Discussing which options appeared for a specific question |
| Discussing question topics | Describing the exact topics covered in specific question scenarios |
| Recording exam content | Screenshots, notes, or audio recording during the exam |
| Distributing exam content | Posting questions on exam prep websites |
| Using unauthorized materials | Using products containing actual exam questions to prepare |

What is typically permitted:

  • Discussing your general exam experience (difficulty, which domains felt heaviest, how long it took)
  • Discussing certification content that is available in official documentation
  • Recommending study resources
  • Sharing your score (or not sharing it; that is your choice)
  • Describing the types of questions (scenario-based, simulation, multiple choice) without sharing specific content

NDA Policies by Major Vendor

CompTIA

CompTIA's candidate agreement is one of the most actively enforced in the industry. CompTIA employs a dedicated security team that monitors online communities for shared exam content. Key provisions include:

  • Prohibition on sharing any exam questions, answer options, or scenarios
  • Prohibition on using any third-party preparation materials that contain actual exam questions
  • Requirement to report suspected exam fraud to CompTIA
  • Penalties ranging from score cancellation to lifetime ban from CompTIA exams

CompTIA also maintains a network of retired question indicators. When a question appears on exam prep sites, CompTIA can track which exam windows it came from and investigate candidates who sat during those windows.

Cisco

Cisco's certification policy includes similarly strict NDA provisions and adds specific language about "exam disclosure" which covers:

  • Memorizing questions to post online
  • Using questions obtained from others in preparation
  • Participating in groups organized to share exam content

Cisco has conducted several high-profile investigations resulting in mass credential invalidations.

Amazon Web Services

AWS requires candidates to agree to the AWS Certification Exam Agreement, which prohibits reproducing, distributing, or disclosing exam content. AWS notes that its exams are updated regularly in part to maintain security, but this does not protect candidates who used shared content from earlier exam versions.

Microsoft

Microsoft's certification program agreement prohibits sharing exam items and using unauthorized preparation materials. The Microsoft Certification team audits unusual score patterns and has revoked certifications from candidates where statistical evidence suggested use of unauthorized materials.

(ISC)2 CISSP

(ISC)2 has an ethics-based certification framework where maintaining exam integrity is tied to the ISC2 Code of Ethics that all members must follow. Violations can result in CISSP revocation and removal from ISC2 membership, which affects multiple credentials for members holding several ISC2 certifications.

"The certification NDA is not a formality. Vendors invest enormous resources in developing valid, reliable exams. Sharing exam content undermines the validity of credentials that the entire industry depends on." -- CompTIA certification integrity documentation


The "Unauthorized Materials" Clause

The provision that catches many candidates by surprise is the prohibition on using "unauthorized preparation materials." This clause is present in most modern certification agreements and its implications are broader than many candidates realize.

Under this clause:

  • Purchasing and using exam dumps before an exam (even before signing the NDA for your specific sitting) may violate the agreement
  • Using "brain dumps" -- materials containing questions that previous candidates memorized and shared -- is covered
  • The prohibition applies even if you did not know the material was derived from actual exam questions

Not all vendors enforce this provision equally aggressively, but the legal exposure exists regardless of enforcement probability.


What Vendors Can Actually Detect and Enforce

Certification vendors use several techniques to identify exam integrity violations:

Psychometric analysis -- Statistical analysis identifies questions where correct answer rates are unusually high, particularly among candidates who appear to have insufficient preparation depth. This signals potential dump use.

Pattern detection -- When multiple candidates answer the same unusual combination of questions correctly, statistical correlation analysis can identify shared preparation materials.

Website monitoring -- Vendors monitor exam preparation websites and online communities for shared exam content. When specific questions are identified, vendors can trace them to specific exam windows.

Employer notifications -- Some employers require background checks that include certification verification. Vendors cooperate with these verifications and can disclose if a credential has been flagged.


Ethical Considerations Beyond Legal Risk

Beyond the legal and contractual risks, there are professional and ethical reasons to avoid exam dumps:

Industry impact -- Certifications function as trust signals in the industry. When a credential becomes known to be widely dump-accessible, employers discount it. This affects everyone who legitimately earned the certification, not just dump users.

Personal competence -- Certifications in technical roles are supposed to validate actual competence. Passing without developing the competence creates professional risk when the knowledge gap becomes apparent in practice.

Professional integrity -- Most professional certifications include ethical codes that extend beyond exam behavior to professional conduct generally. The habits of taking shortcuts and misrepresenting capabilities developed through dump use can have broader professional consequences.


Frequently Asked Questions

Can I discuss an exam with my employer or colleagues after taking it?

You can discuss your general exam experience and preparation approach. You cannot share specific questions, answer choices, or question scenarios. Telling your employer "the exam heavily tested VPC networking and routing" is acceptable. Describing specific question scenarios or answer options is not.

What should I do if someone offers me exam dumps to help me prepare?

Decline. The professional and legal risks are real regardless of how common the practice appears. Legitimate practice exams from established providers (Tutorials Dojo, Dion Training, MeasureUp, Whizlabs) provide effective exam preparation without these risks.

Are exam NDA violations ever enforced against individuals?

Yes. Both CompTIA and Cisco have documented cases of individual candidate investigations, score cancellations, and certification revocations. ISC2 has revoked CISSP memberships for ethics violations including exam integrity issues. The risk is real, even if enforcement affects only a fraction of violators.

References

  1. CompTIA. (2024). CompTIA Certification Candidate Agreement and Exam Security Policy. https://www.comptia.org/certifications/testing/exam-policies
  2. Cisco Systems. (2024). Cisco Certifications: Exam Policies and Guidelines. https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/exam-policies.html
  3. Amazon Web Services. (2024). AWS Certification Exam Agreement. https://aws.amazon.com/certification/certification-agreement/
  4. Microsoft. (2024). Microsoft Certification Exam Non-Disclosure Agreement and Terms of Use. https://learn.microsoft.com/en-us/credentials/support/exam-non-disclosure-agreement
  5. ISC2. (2024). ISC2 Code of Ethics. https://www.isc2.org/ethics
  6. PMI. (2024). PMI Examination Security and Exam Fraud Policy. https://www.pmi.org/certifications/certification-resources/pmi-certification-faqs