Relying on a timer solely on the client could be a problem because someone might hack it (to give the quiz-taker more time) and make a bookmarklet out of the hack.
If it's at a kiosk that is not on the internet, you won't have to worry about that problem. If it's on the 'net, you have to take measures.
You could have a timer on the server and use keep-alive. Alternatively, you could consider a combined approach, using a timer on the server and something on the client (setTimeout, or http refresh or http redirect).