If it is capable of injecting itself into the MBR or EUFI/BIOS, it poses a very real risk even if you run dual boot. It's interesting it doesn't work inside a VM. Even some of the most DRM infected applications manage to run there. I wouldn't install this software period.
If forced, have them give you a laptop to run the test on.
I took a quick look at the invasive "LockDown Browser" by extracting the Setup. Seems to be a customized version of Google Chrome. Perhaps most interestingly is the fact they do not give any credit to Chrome in their license file. Pretty sure that's a license violation.
What they do mention in their license file is this gem:
Respondus collects data to operate effectively and to strive to provide you with the best experience with LockDown Browser. You provide some of this data directly, such as when you contact us for support. Some data is obtained by recording how you interact with LockDown Browser by, for example, receiving error reports or usage data from software running on your device. Some data is obtained by how you interact with the assessment delivery system, such as the amount of time spent answering a question. The data we collect within the Help Services depends on the features you use, and includes the following:
Webcam & Microphone Check. The webcam and microphone check streams video and audio from your webcam to the Respondus servers. The video and audio can then be played back by you to ensure the webcam and microphone are working properly. The video and audio recorded during the webcam and microphone check is stored in temporary cache on the Respondus server and is automatically deleted in about an hour. Persistent storage is not used for these recordings, and Respondus does not provide a way to electronically identify the recordings as being transmitted from a specific user.
System Check. The System Check gathers certain information from your computing device, the networking environment, and the institution's Learning Management System.
All data gathered during the System Check is presented to you on your screen, including a unique System Check ID. The System Check does NOT contain username, user ID, or the password used to access the institution's Learning Management System.
You have the option to send System Check results by email, and if so, you must enter an email address for the recipient of the email message. If the System Check results are sent by email, log files from software of LockDown Browser are additionally transmitted to a Respondus server. Log files contain details of the interaction between LockDown Browser and your institution's Learning Management System, from the time you log into the Learning Management System using LockDown Browser until the session is exited or terminated. Log files are stored locally on your computer in an encrypted format and, if transmitted to Respondus, are sent in encrypted format over HTTPS. Log files do NOT contain user name, user ID, or the password used to access the institution's Learning Management System.
System Check data and log files may be sent to a Respondus web server or a third party cloud server for storage and further processing by Respondus. Respondus may use System Check data and log files to assist you with a technical issue. Respondus may also aggregate and analyze the System Check data to, for example, improve the Software or its technical support services. System Check data and log files aren't sold, distributed, or made available to affiliate or third party businesses.
It is illegal to force data collection in some jurisdictions, especially on a student's personal property. I think there's a very real legal opportunity here. Try contacting the EFF?