Regardless of the specific terminology utilized to characterize unintended advantages – exposure, prior knowledge, cheating, item parameter drift – security concerns in information technology (IT) certification programs are pervasive. Items, forms, and even item banks are often available on the Internet within days of exam publication. As one way of minimizing security risks, Cizek (1999) suggests using “a variety of other assessment approaches” and notes that “performance assessments require students to actually demonstrate their knowledge or skill” (p. 168). Given the content domains and computer-based delivery mode, IT certification exams lend themselves to the development and administration of performance item types, often simulations or emulations. However, little is known about the susceptibility of these item types to exposure. Hypotheses exist that these items are more memorable, and therefore more susceptible to exposure. Others argue that these items are less at risk as even if a candidate has prior knowledge, they still need to complete the task.