Security+ PBQ examples you can actually try

Performance-based questions are the part of Security+ people fear most: instead of picking A, B, C, or D, you configure firewall rules, analyse logs, or order incident-response steps in an interactive console. They usually appear first in the exam and are worth more than multiple-choice questions.

Reading about PBQs isn't the same as doing one. The scenario below is fully interactive — work through it right here, get graded with partial credit, and see exactly how the real thing feels.

Try it: Firewall ACL Configuration

Simulation

3.0 Security Architecture

Scenario

Acme Corp has deployed a web server in the DMZ (10.10.10.0/24) that must accept HTTPS traffic from the internet. The internal database server at 192.168.1.100 must only accept MySQL connections from the DMZ web server. You have been tasked with configuring the perimeter firewall and the internal segment firewall to enforce least-privilege access while maintaining business functionality.

Configure the perimeter firewall inbound ACL to allow legitimate HTTPS traffic to the DMZ web server (10.10.10.50) from any internet source, and explicitly deny all other inbound traffic. For each rule field, select the correct value.

Task 1 of 3
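To see why each rule field matters before you fill it in, here is an added example (not part of the CertBench simulation or its graded answer) that evaluates a first-match ACL against constructed packets. It compares one least-privilege reading of the perimeter task with an over-broad rule set; the rule layout, the names `Rule`, `Packet`, `evaluate` and `audit`, and the 203.0.113.7 source address are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR; "0.0.0.0/0" means any source
    dst: str               # CIDR
    dport: Optional[int]   # None means any destination port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int

def matches(rule, pkt):
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    """First matching rule wins; fall through to an implicit deny."""
    for number, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None

ANY = "0.0.0.0/0"
# Least-privilege reading of the task: one host, one port, then explicit deny.
TIGHT = [Rule("permit", "tcp", ANY, "10.10.10.50/32", 443),
         Rule("deny", "any", ANY, ANY, None)]
# Over-broad variant: whole DMZ subnet, any TCP port.
BROAD = [Rule("permit", "tcp", ANY, "10.10.10.0/24", None),
         Rule("deny", "any", ANY, ANY, None)]

# Constructed test traffic (203.0.113.0/24 is a documentation range).
PACKETS = {
    "https to web server": Packet("tcp", "203.0.113.7", "10.10.10.50", 443),
    "ssh to web server": Packet("tcp", "203.0.113.7", "10.10.10.50", 22),
    "https to other DMZ host": Packet("tcp", "203.0.113.7", "10.10.10.60", 443),
    "mysql straight to database": Packet("tcp", "203.0.113.7", "192.168.1.100", 3306),
}

def audit(acl):
    return {name: evaluate(acl, pkt)[0] for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("tight", TIGHT), ("broad", BROAD)):
        print(label, audit(acl))
```

Both rule sets pass HTTPS to the web server, so a functional test alone would not tell them apart; only the broad one also exposes SSH on that server and HTTPS on its DMZ neighbours. Swapping the two rules in `TIGHT` makes the deny match first and drops the HTTPS packet as well.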

PBQs are only part of it

CertBench pairs hands-on PBQ practice with adaptive exams, spaced repetition, and a readiness score that tells you when you're actually ready to book.

Frequently asked questions

How many PBQs are on the Security+ exam?

Typically 3–5, usually at the very start of the exam. They're worth more than multiple-choice questions, and partial credit is awarded — so never leave one blank.

Should I do PBQs first or skip them?

A common strategy is to flag them, clear the multiple-choice questions for guaranteed points, then return with the remaining time. But practise them enough beforehand and you won't need to skip — they're very learnable.

What topics do Security+ PBQs cover?

Common themes: firewall/ACL configuration, log analysis, matching attacks to mitigations, ordering incident-response steps, and certificate or authentication setups. CertBench has interactive simulations for each style.