Quick answer: Security+ SY0-701 performance-based questions (PBQs) test your ability to apply concepts in realistic scenarios—like configuring a firewall on a network diagram, dragging and dropping security controls into place, or running CLI commands to troubleshoot an issue. They’re scored heavily, so expect 3–5 PBQs at the start of the exam, each with a time limit. Strategy: skip PBQs initially, answer multiple-choice questions first, then return to PBQs with remaining time. Common SY0-701 PBQ scenarios include incident response steps, access control models, wireless security configurations, and log analysis.
What Are Performance-Based Questions (PBQs) on Security+ SY0-701?
In CompTIA Security+ SY0-701, PBQs are interactive, scenario-driven tasks that go beyond multiple-choice. Instead of selecting a single answer, you’ll manipulate elements—drag network devices into a topology, match security controls to threats, or type commands into a simulated terminal. These questions mimic real-world tasks a security professional handles daily, like setting up a DMZ or analyzing a breach timeline.
CompTIA introduced PBQs to validate hands-on skills, not just memorization. On SY0-701, you’ll encounter 3–5 PBQs, typically at the beginning of the exam. They’re weighted heavily—each PBQ can be worth 2–3 times a standard multiple-choice question. Missing one can significantly impact your score, so preparation is critical.
The exam environment uses a custom simulation interface. You won’t use real software like Wireshark or a live firewall—it’s a controlled simulation that tests your logical decision-making. For example, you might see a network diagram with unlabeled devices and a list of security requirements; your job is to drag the correct device (e.g., firewall, IDS, switch) into the right position.
What PBQs Actually Look Like: Three Common Formats
Network Diagrams and Topology Configurations
This is the most common PBQ type on SY0-701. You’ll see a network diagram with blank spaces or unlabeled components. Your task is to drag and drop devices, IP addresses, or security controls into correct positions. For example:
- Scenario: A small business needs to segment its network into a DMZ, internal LAN, and guest Wi-Fi. You’re given a firewall, router, switch, and an access point. You must place them in the diagram so that the DMZ hosts a web server, the internal LAN contains workstations, and guest traffic is isolated.
- What you do: Drag the firewall between the internet and the rest of the network. Place the DMZ off a separate interface. Add the access point on a VLAN for guests.
- Skills tested: Understanding of network segmentation, firewall rules, and VLANs.
These PBQs often include drop-down menus for configuration details—like setting a default deny rule or enabling NAT. You must match the security policy described in the scenario.
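The segmentation scenario above, written out as Linux forwarding rules. This is an added example, not part of the original article. The interface names (eth0 internet, eth1 DMZ, eth2 internal LAN, eth3 guest Wi-Fi) and the web server address 10.0.1.10 are assumptions, and the script only prints the commands unless IPT is set to the real iptables binary.

```shell
#!/bin/sh
# Added example: default-deny forwarding policy for the DMZ / LAN / guest scenario.
# Assumed (not from the article): eth0=internet, eth1=DMZ, eth2=LAN, eth3=guest,
# DMZ web server at 10.0.1.10.
# Dry run by default: commands are printed, not applied.
IPT="${IPT:-echo iptables}"

dmz_policy() {
    # Default deny: anything not explicitly allowed below is dropped.
    $IPT -P FORWARD DROP
    # Replies to connections that were already allowed may return.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Internet -> DMZ web server, HTTPS only.
    $IPT -A FORWARD -i eth0 -o eth1 -d 10.0.1.10 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
    # Internal LAN -> internet and internal LAN -> DMZ.
    $IPT -A FORWARD -i eth2 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -i eth2 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
    # Guest Wi-Fi -> internet only; no rule lets guests reach the LAN or DMZ,
    # and no rule lets the internet or the DMZ open connections into the LAN.
    $IPT -A FORWARD -i eth3 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
}

dmz_policy
```

Isolation here comes from the absence of an allow rule plus the DROP policy, which is the same reasoning a "default deny" drop-down in a PBQ is checking.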
Drag-and-Drop Matching and Ordering
Here, you’ll match concepts, steps, or controls to their correct descriptions or sequences. Examples include:
- Incident response phases: Drag the steps (Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned) into the correct order.
- Access control models: Match definitions to DAC, MAC, RBAC, or ABAC.
- Attack types: Drag a description (e.g., “attacker intercepts communication between two parties”) to the correct term (e.g., “man-in-the-middle”).
These are relatively straightforward if you’ve studied the CompTIA objectives. But they can be tricky—CompTIA may include distractors (incorrect options) that look plausible. For example, “Eradication” and “Containment” are often swapped in incident response sequences.
CLI Simulations
CLI simulations are rarer but appear on SY0-701. You’ll see a command-line interface in a simulated terminal. Your task might be to:
- Run a command to check firewall rules: iptables -L -n
- View logs: tail -f /var/log/auth.log
- Configure a setting: netsh advfirewall set allprofiles state on
You type the command and see the output. The PBQ then asks you to interpret the result—like identifying an open port or a failed login attempt. You won’t need to memorize every command, but you should know common ones for Linux (e.g., grep, ps, netstat) and Windows (e.g., ipconfig, netstat -an, tasklist).
Pro tip: The CLI simulation is case-sensitive and expects exact syntax. If you type iptables -L -N (capital N), it may fail. Practice basic commands in a lab environment before exam day.
Strategy for Time Management When You See PBQs
The biggest mistake candidates make is spending too much time on PBQs early in the exam. SY0-701 gives you 90 minutes for up to 90 questions, including PBQs. A single PBQ can take 5–10 minutes if you’re meticulous. Here’s a proven strategy:
Skip PBQs Initially
When the exam starts, you’ll likely see PBQs first. Do not attempt them immediately. Instead, mark them for review and move to the multiple-choice questions. Answer all multiple-choice questions first—they’re faster and build confidence. This ensures you don’t run out of time on easier questions while wrestling with a complex PBQ.
Allocate Time After Multiple-Choice
After finishing multiple-choice (typically 45–60 minutes in), return to PBQs. You’ll have 30–45 minutes left for 3–5 PBQs, which is roughly 6–10 minutes per PBQ. If you get stuck on one after 10 minutes, guess strategically and move on. A partial answer may still earn partial credit—CompTIA sometimes awards points for correct elements within a PBQ.
Read the Scenario Carefully
PBQ scenarios are dense. Skim the requirements first, then examine the interactive elements. For example, if a network diagram PBQ says “ensure the web server is accessible from the internet but the database server is not,” focus on placing the firewall and DMZ correctly. Don’t waste time on irrelevant details.
Practice Time-Boxed Drills
Before exam day, simulate PBQs under timed conditions. Use practice platforms (like Courseiva’s free questions) that include interactive simulations. Set a timer for 10 minutes per PBQ and force yourself to move on. This builds mental discipline.
Common PBQ Scenarios on SY0-701
Based on exam objectives and community feedback, these PBQ topics are most likely to appear:
| PBQ Type | Common Scenario | Key Skills Tested |
|---|---|---|
| Network Diagram | Configure a small office network with VLANs, DMZ, and firewall rules | Segmentation, ACLs, default deny |
| Drag-and-Drop | Order incident response phases or match attack types to definitions | IR lifecycle, threat categorization |
| CLI Simulation | Run netstat -an to identify open ports or cat /var/log/syslog for anomalies | Command basics, log interpretation |
| Access Control | Match users to RBAC roles or set permissions on a file server | DAC, MAC, RBAC, ABAC |
| Wireless Security | Place WPA3, MAC filtering, and captive portal on a Wi-Fi map | Encryption standards, authentication methods |
Incident Response PBQ Example
You’re given a timeline of events: “User reports phishing email at 10:00 AM. IT disconnects system at 10:15 AM. Forensic analysis begins at 11:00 AM.” You must drag steps to match phases: Detection (user report), Containment (disconnect), Eradication (remove malware), Recovery (restore from backup). The distractor might be “Preparation” (done before the incident) or “Lessons Learned” (after recovery). This tests your understanding of the NIST IR framework.
Log Analysis PBQ Example
A simulated log shows multiple failed SSH attempts from IP 192.168.1.100. The question: “Identify the type of attack.” Options: brute force, DDoS, man-in-the-middle, or phishing. You’d select brute force. A more complex version might ask you to run grep "Failed password" /var/log/auth.log | wc -l to count attempts, then interpret the result.
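The grep count above tells you how many failures there were, not where they came from. The following added example (not part of the original article) groups failed SSH password attempts by source IP and flags sources at or above a threshold. The log lines are constructed sample data in OpenSSH's auth.log format, and the host name web01 and the threshold of 5 are assumptions.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IP.
# The log lines below are constructed sample data, not real logs.
sample_log() {
cat <<'EOF'
Mar  4 10:00:01 web01 sshd[2211]: Failed password for root from 192.168.1.100 port 50122 ssh2
Mar  4 10:00:03 web01 sshd[2213]: Failed password for root from 192.168.1.100 port 50124 ssh2
Mar  4 10:00:05 web01 sshd[2215]: Failed password for invalid user admin from 192.168.1.100 port 50126 ssh2
Mar  4 10:00:07 web01 sshd[2217]: Failed password for invalid user test from 192.168.1.100 port 50128 ssh2
Mar  4 10:00:09 web01 sshd[2219]: Failed password for invalid user from from 192.168.1.100 port 50130 ssh2
Mar  4 10:00:11 web01 sshd[2221]: Failed password for root from 192.168.1.100 port 50132 ssh2
Mar  4 10:02:40 web01 sshd[2250]: Failed password for alice from 10.0.0.7 port 40020 ssh2
Mar  4 10:02:52 web01 sshd[2252]: Accepted password for alice from 10.0.0.7 port 40022 ssh2
EOF
}

# Read auth.log lines on stdin; print "count ip", busiest source first.
# The user name is attacker-controlled (it can even be "from"), so the IP is
# taken by position from the END of the line: ... from <ip> port <n> ssh2
failed_by_ip() {
    awk '/Failed password/ && NF > 5 && $(NF-4) == "from" && $(NF-2) == "port" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print only the sources with at least $1 failures (default 5).
brute_force_sources() {
    failed_by_ip | awk -v t="${1:-5}" '$1 >= t { print $2 }'
}

sample_log | failed_by_ip
```

On a real system, feed it the log instead of the sample: failed_by_ip < /var/log/auth.log. One mistyped password from 10.0.0.7 followed by a successful login is normal user behaviour, which is why the threshold matters.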
How to Prepare for PBQs on SY0-701
Hands-On Labs Are Non-Negotiable
You can’t pass PBQs by reading alone. Use virtual labs (like those on TryHackMe, CompTIA CertMaster, or Courseiva’s practice platform) to configure firewalls, run CLI commands, and analyze logs. For example:
- Set up a virtual network with VirtualBox and practice placing devices in a DMZ.
- Use iptables on a Linux VM to block specific traffic.
- Analyze sample logs from sources like the SecRepo dataset.
Focus on the SY0-701 Objectives
CompTIA publishes exam objectives (available free on their site). PBQs align directly with domains:
- Domain 1.0: Attacks, Threats, and Vulnerabilities (20%) – drag-and-drop attack types.
- Domain 2.0: Architecture and Design (20%) – network diagram PBQs.
- Domain 3.0: Implementation (25%) – CLI simulations for access controls.
- Domain 4.0: Operations and Incident Response (18%) – incident response ordering.
- Domain 5.0: Governance, Risk, and Compliance (17%) – policy matching.
Spend extra time on Domains 2 and 3, as they’re PBQ-heavy.
Use Free Practice Questions
Courseiva offers free Security+ practice questions that include PBQ simulations. These mimic the exam interface and provide instant feedback. Practice 2–3 PBQs daily for two weeks before your exam. This builds pattern recognition—you’ll start noticing common traps (like misordered IR steps) and learn to spot distractors.
Common Pitfalls to Avoid
Overthinking the interface: The simulation is simplified. Don’t expect advanced features like subnetting calculators. If a PBQ asks you to assign an IP address, it’s usually a dropdown with obvious choices (e.g., 192.168.1.1 vs. 10.0.0.1).
Ignoring the scenario context: Every PBQ has a written prompt. It’s easy to jump straight into dragging elements, but the prompt often contains critical constraints—like “this company uses WPA2-Enterprise” or “the server must be isolated from the internet.” Read it twice.
Rushing through multiple choice to save time: This backfires. Multiple-choice questions are your foundation. Answer them carefully, then use remaining time for PBQs. A rushed multiple-choice mistake can cost you as much as a PBQ error.
Final Takeaway and Next Steps
PBQs on Security+ SY0-701 are challenging but conquerable with the right approach. They test applied knowledge, not rote memorization. Focus on three pillars: understanding common formats (network diagrams, drag-and-drop, CLI), managing time by skipping PBQs initially, and practicing with hands-on labs. Master these, and you’ll turn PBQs into a scoring opportunity rather than a stress source.
Your next move: Head over to Courseiva.com for free Security+ practice questions that include realistic PBQ simulations. Start with the “SY0-701 PBQ Sampler” to test your skills in a low-pressure environment. Build confidence before exam day—your certification depends on it.