Whenever we mention "anti-cheat," the first question is usually "so it's a webcam thing?" It isn't — at least not only. Proctoring software gets the attention because it's visible, but most of the work happens in places candidates never see.
Question-level randomization
The simplest and most effective layer is also the least flashy: no two candidates should see questions in the same order, and where a question bank allows it, no two candidates should see the exact same question. Shuffling answer options matters too — it breaks the value of someone reading answers off a neighbor's screen.
Time-boxing per question, not just per exam
A single exam timer is easy to game by spending the first half copying questions out and the second half answering at leisure. Per-section or per-question time limits remove that option without making the exam feel rushed for someone working through it honestly.
Lockdown behavior
During a CBT session, the test environment should restrict tab-switching, copy-paste, and right-click context menus, and log any attempt to leave the exam window. These events don't have to result in automatic disqualification — they should be flagged for a human to review, alongside a timestamp and what the candidate did next.
Server-side scoring
Grading logic should never live in the client. If the answer key or scoring formula is computable from anything sent to the browser, it can be reverse-engineered. Trupper's exam engine scores every submission server-side, after the exam closes.
Where this leaves proctoring
Webcam and screen-recording proctoring is a useful additional layer, particularly for high-stakes exams, but it's most effective stacked on top of the above — not as a replacement for them. The goal isn't surveillance for its own sake; it's making sure a result actually reflects what a learner knows.