The Morepheus Guide to Kill Dumps and Heal The Certification Industry

by Mirek Burnejko

MorpheusWhen I was starting my IT career I heard about IT certifications. “Man, there is something like CCNA. It’s a certification. If you have it, you can find a job in any country around the world, but it’s amazingly hard to achieve. You must understand everything about networks” – I heard from my friend.

10 years ago certifications had an amazing value. Companies were looking for skilled people and an IT certification was an indicator of true knowledge.

Morpheus: Welcome to the real world.

After a few years something has changed. Dumps, dumps, dumps. Some people in some countries have found a way to steal tests and sell them for people who wanted to pass a certification. For people who didn’t have skills, money, time, you-name-it to achieve a title.


Today, in 2012, most of IT certifications, don’t have any real value. You hear that everywhere: “Certifications these days mean nothing”, “Everyone can pass it”, “Knowledge, not a certification”. But isn’t that a real goal of a certification? Aren’t certifications to give you knowledge, show your value on the market and to make you a hero?

Neo: I know kung fu.
Morpheus: [eyeing him, hand on chin] Show me.

Show Me

Our lovely IT world is strange. We hate dumps. We want to destroy them, but we do nothing. We (IT Specialists), companies that create certifications, examination centers. All we know that dumps kill the real magic of IT certifications and we do nothing. Dumps – stolen copies of real exams are available to anyone. Anyone can buy them and without a preparation pass almost any exam on the planet.

But where is the real problem?

Morpheus: And you are?
Agent Smith: A Smith. Agent Smith.
Morpheus: You all look the same to me.

A person with several certifications (achieved with dumps) goes to an interview to an IT company. An IT Manager with knowledge asks some questions: “Can you describe me how BGP works and what you can do to resolve this problem?”. The person doesn’t know the answer. The person doesn’t know how BGP works. The person cannot prove his knowledge. The IT Manager sees that the person understands nothing. The IT Manager hates that situation. He looks at resume of this silly person and sees several certifications.

Next time he won’t waste his time for a person with these certifications, without an experience.

But where is the REAL problem?

The REAL problem is for people who don’t have an experience y(et). Some of theme work really hard to achieve a certification and to find a better job. But no one cares. These certifications now are worthless. Find a better job, but certifications won’t help you.

Morpheus: This is a war and we are soldiers. Death can come for us at any time, in any place.


Someday you will open you eyes and certifications won’t have any value to employers. From the list of 1700 certifications only 10 will give you any chance to find a better job with them… and we are talking about expert-level certifications. IT Certifications are here to help you (to prove your skills and move to another levels) and here to show your passion to an employer and give you a better job.

How to Heal The Certification Industry with Google?

The Matrix is a system, Neo. That system is our enemy.


Let’s look first at the process. What a normal person does when wants to pass a certification? Where he looks for details about any exam and how to pass it? He uses Google.

What that person does? Type a keyword in the search input and opens few websites from the first page of Google results.

Let’s look at some results:

  • CCNA
    • 1,830,000 people each month seek for this keyword
    • 32,900,000 pages with this keyword in Google
    • 2/10 results are for dumps
  • Network+
    • 230,000 people each month seek for this keyword
    • 3,620,000 pages with this keyword in Google
    • 3/10 results are for dumps
  • Some people use also test numbers – 117-101
    • 210 people each month seek for this keyword
    • 381,000 pages with this keyword in Google
    • 10/10 results are for dumps !!!

[disclaimer: keywords were chosen randomly]

So what a person (without experience and knowledge) can do when sees “98.6% Pass Ratio, 100% money back guarantee”? Do you know the answer?

Solution 1: “The best place to hide a body is on Page 2 of Google’s search results… no one looks there”. Big companies like Cisco, CompTIA or LPI have big budgets (bigger than steal-and-sell companies). Search Engine Optimization – SEO is a key. Just use your power, your SEO experts and move your pages to the first page of Google’s search results and move “their” pages to the second page. It’s possible.

New System?

Stop trying to hit me and hit me.

There are three types of companies: companies that do nothing, companies that try to do something and companies that show a middle finger to dumps.

The biggest group is the second one.

These companies provide tests via Prometric or Pearson VUE. They know about dumps. They want to change something. So what they do?

  • They change questions once a few weeks/months
  • They provide new sets of questions
  • They implement systems that check how long a person answer a single question, to find cheaters

It’s not the solution.
Questions are stolen and will be stolen. These methods don’t work.

Red or Blue

They are guarding all the doors, they are holding all the keys. Which means that sooner or later, someone is going to have to fight them.

Solution 2: Implement the system that will find where and when questions are stolen. Add one mistake for each examination center. Find this examination center. Give them a yellow card. Then give them a red card and stop working with them. It’s hard to implement, but it’s possible… of course if you really want to fight them…

I Didn’t Say It Would be Easy

I didn’t say it would be easy, Neo. I just said it would be the truth.

Some companies don’t care about dumps and do not change questions, we won’t talk about them. I would love to talk about the third group of companies. The companies that don’t fight with dumps because they don’t need to.

Let’s look at three companies: Red Hat, Offensive Security, Hurricane Electric.

  • Red Hat
    • No tests – only practical exams.
    • No questions, no dumps
  • Offensive Security
    • No tests – remote labs.
    • 24/48-hour long fight with real problems
  • Hurricane Electric
    • Free model for the IPv6 Sage title
    • Mixed questions and online tasks

Is it easy to maintenance these exams? Hell no.
Is it cheaper than tests? Hell no.
Does it give more value for their certifications. Hell yes.

Solution 3: It’s 2012. It’s time to implement real exams for real specialists. Not only for expert-level certifications.

You… yes YOU

There are two ways out of that building: one is that scaffold, the other is in their custody. You take a chance either way: I leave it to you.

We can cry that certifications do not have value or we can do something.
What you can do – a single person?

  1. Write simple email to any company that provide certifications or Prometric/PearsonVUE. One email won’t help, 100,000 will.
  2. Do you know something about SEO? Use your knowledge to help official sites. Link to them, use Social Media and even some Gray/Black Hat skills.
  3. DO NOT buy dumps, even for tests. Each dollar is a sign to grow, to invest in SEO, a sells team, etc.

It is our collective responsibility. It’s not a task only for companies like Cisco, Microsoft or IBM. It’s not a task only for examination centers like Prometric or Pearson VUE. It’s not a task only for you and me. It is our collective responsibility.


Trinity: What’s he doing?
Morpheus: He’s beginning to believe.


If you have a second, share your thoughts in the comment section below. Are dumps kill the certification industry? Is there really a problem? Maybe everything’s ok? What is your solution for the problem? I would love to know your opinion.

  • Love this article. Huawei implemented the interview after their HCIE to stop people from dumping, and memorizing the lab like CCIE. Even an interview will stop dumpers.

    • Two questions to you Emilio: 1. How about lower levels: HCDA or HCDP? 2. Do you think a short interview before an exam can help with dumps?

      • For the lower levels of exam, its just a test. Equivalent to CCNA/CCNP with difficulty. An interview before the exam to see the knowledge base would be a great idea, although it would be expensive for the vendor i would imagine. An idea that is in between, is to do what say, EC council and PMI does, you have to fill out a form and validate the years of experience before they let you register. Not too many ways to get around that right? It also costs almost nothing.

  • MaciejKa

    Very good text. I am supporting fighting with dumps!

    • hank banger

      fucking nerds….

  • Noel Benito Sanidad

    Why didn’t they take notice on eCPPT? This is also a practical exam on penetration testing, and just one wrong vulnerability id spells the difference in passing or eventual failing. Trust me, I know because just recently I went through this certification from eLearnSecurity.

    • Hi Noel. Thanks for that. The only reason I didn’t mention more certifications is that I was needed only examples. There are other great programs eCPPT, The Open Group, IASA or Mobile Development Institute, where you don’t have a test.

      • Noel Benito Sanidad

        Hi Mirek! Thanks for clarifying. You’re right what we ought to have are practical exams that really certifies an individual on the basis of his skills not just knowledge of the subject matter.

  • dave

    Wow great insight! I cant really tell if you are being biased against certs or just stating whats wrong the whole process however. Are you still for them?, Would you recommend them still for someone with some experience under their belt? Will employers look for them?, For instance I entered CCNA in dice the other and it return 0 results for the need in upstate NY.

    Right now, it seems the industry has shifted since the last dotcom boom. Although I was just in middle school when the internet really got going I can understand why the need for “certified” individuals at the time. With network/internetworking still being sort of new in the enterprise the need for people with some skill and some knowledge was needed even if that meant only having a cert with no real knowledge.

    The shift I see is since alot of networks and entire infrastructures have been automated. As an example, you have an app that you want to deploy there is no need for entire IT teams with admins, etc to deploy and support your app. With cloud and SaaS deploying and spinning a server in the cloud takes very little knowledge and you have a whole support team that supports that cloud infrastructure.

    And just from experience I applied/inquired about a possible network admin job. I got a response from the CTO stating that they have no IT team only developers and their whole infrastructure is hosted in the cloud.


    • My opinion: certifications are important and will be, but not all 1700. CCNA is still a good starting point for more advanced certs, but not help you with finding a job.

      There are two ways to move from this situation:
      1. Less certs from companies, less dumps, harder exams
      2. More certs, mored dumps – the end of certifications’ value.

      I prefer the first option.

      P.S. Good point with the cloud.

      • dave

        So if I were to get my ccna and i had a bachelors w/exp a ccna will not suffice ? but better yet obtaining a ccnp ?


        • CCNA is better than nothing, CCNP is better than CCNA and so on.
          About value of CCNA -> One of my heroes – Himawan wrote in 2005 an article ->

          “Well, life was becoming easier after I passed CCNA (hey, remember it was early 2000!). One multi-national oil company offered me my first job in IT.” How many companies today give a job to people who pass CCNA? CCNA is still CCNA, but everything around is different.

  • Realitycheck

    Youre an idiot. You think companies dont know that their tests are stolen? Do you know how much money they make off these exams? Please, if the big companies wanted to solve the braindump problem, they wouldnt try a dumbass solution like SEO optimization, LOL! Want to solve brain dumps in a simple and cost effective way? Create each test with a 5000 question test bank. problem solved. Btw, the fact that you think most employers (besides MSPs who rely on IT certs to maintain a partner status) actually care about certifications shows you have NO real world experience in the IT field as most IT managers have no clue nor do they even care about IT certs.

  • Mirek – Very happy to see people who carry IT certifications engaged in this discussion. Those of us who manage IT certification programs have been attempting to innovate on this issue for many years. As you say – it is a difficult issue as we MUST balance access to certification with risk of exam theft.

    At Juniper we have both written and hands on performance exams. I love the performance exams but there are two realities with these. First – they are not scalable to larger audiences (consider cost to develop, maintain and grade for vendors and cost/time to travel, test, travel, test, etc for candidates). So if we want some qualification metric for millions of network engineers so that the industry (and related jobs) can grow providing only performance exams will not work. Second – they are also subject to “dumps”. I know the Juniper legacy exams had active “study groups” (on LinkedIn ironically) where sharing of the tasks etc was very active. Yes – even if you know the task you have to actually do it – but you don’t have to really KNOW it cold.

    I do agree we need to continue to innovate on this issue – and Juniper’s recent move to Pearson VUE is one step in many we are taking on this front. PVUE is committed to innovation and exam security – so you may see things like components of performance based questions (REAL performance based – not just simulations) buried in written exams for Juniper in the coming years.

    HOWEVER – the key strategy for fighting brain dumps is not mentioned above – and that implementing processes for identifying when a candidate has had prior access to the exam questions/answers and revoking their exam/certification. At Juniper we have been doing this since January this year. The result is 1) candidates who have “short cut” the exam prep process and do not surely understand the content are not certified, 2) brain dumps may find themselves with less demand for exams as candidates realize the consequences of using these materials.

    Again – thanks for opening this discussion. I am enjoying hearing all these thoughts.

    Liz Burns
    Sr. Manager – Juniper Networks Certification Program

  • Gavin M

    How about the inclusion of free text questions? Keep the multiple choice exam questions, but have an open ended question (or three) that gets reviewed by a real examiner (or, go one step further and publish the answers online for peer review).

    Perhaps mark them in the same way a lot of academic questions are marked, and give marks for showing workings / being logical, even if the end answer is wrong.

    The questions would almost definitely still be leaked, but imagine the response from someone who has dumped a CCNA exam if they were faced with a free-text question they didn’t know the answer to, despite already answering several multiple-choice questions on the subject!

    Yes, this will be more expensive, and you will lose the instant feedback pass/fail, but this could be a real test of someone’s skill.

  • prof kamarul

    Do as Redhat, performance exam only.
    We know IT vendor also make money through their certification offering.
    It is not the IT vendors suffer from this problem but you the users.
    Say no to multiple choice kind of exam.
    Redhat can, the others can too.

  • Arun Raju

    Dumps not only affect the industry but takes a serious swipe at the morale and motivation of the concerned individual.

  • Key question:

    Who is the Architector of Matrix?)

  • Vikas Dabas

    Nice Thought