Security+ PBQ examples you can actually try
Performance-based questions are the part of Security+ people fear most: instead of picking A, B, C, or D, you configure firewall rules, analyse logs, or order incident-response steps in an interactive console. They usually appear first in the exam and are worth more than multiple-choice questions.
Reading about PBQs isn't the same as doing one. The scenario below is fully interactive — work through it right here, get graded with partial credit, and see exactly how the real thing feels.
Try it: Firewall ACL Configuration
Firewall ACL Configuration
Simulation3.0 Security Architecture
Scenario
Acme Corp has deployed a web server in the DMZ (10.10.10.0/24) that must accept HTTPS traffic from the internet. The internal database server at 192.168.1.100 must only accept MySQL connections from the DMZ web server. You have been tasked with configuring the perimeter firewall and the internal segment firewall to enforce least-privilege access while maintaining business functionality.
Configure the perimeter firewall inbound ACL to allow legitimate HTTPS traffic to the DMZ web server (10.10.10.50) from any internet source, and explicitly deny all other inbound traffic. For each rule field, select the correct value.
Complete all fields across all tasks before submitting.
17 more interactive scenarios
Every style the real exam uses — free account required.
PBQs are only part of it
CertBench pairs hands-on PBQ practice with adaptive exams, spaced repetition, and a readiness score that tells you when you're actually ready to book.
Start studying freeFrequently asked questions
How many PBQs are on the Security+ exam?
Typically 3–5, usually at the very start of the exam. They're worth more than multiple-choice questions, and partial credit is awarded — so never leave one blank.
Should I do PBQs first or skip them?
A common strategy is to flag them, clear the multiple-choice questions for guaranteed points, then return with the remaining time. But practise them enough beforehand and you won't need to skip — they're very learnable.
What topics do Security+ PBQs cover?
Common themes: firewall/ACL configuration, log analysis, matching attacks to mitigations, ordering incident-response steps, and certificate or authentication setups. CertBench has interactive simulations for each style.