Practice Questions
Top 50 Security+ PBQ Examples: Performance-Based Question Practice
Performance-Based Questions (PBQs) are the most challenging part of the Security+ exam. Practice with 50 PBQ examples covering firewall configuration, log analysis, incident response, network diagrams, and more.
Firewall and Network Configuration PBQs
PBQ Example 1: Place the following firewall rules in the correct order (most specific first) to allow HTTPS traffic from the internal network to a web server in the DMZ while blocking all other traffic.
PBQ Example 2: Given a network diagram with three zones (Internet, DMZ, Internal), drag the following security controls to their correct locations: WAF, IDS, VPN concentrator, firewall.
PBQ Example 3: Configure a stateful firewall rule to allow outbound DNS queries (UDP 53) while blocking inbound DNS queries except from a specific external DNS server at 8.8.8.8.
PBQ Example 4: A network has been compromised. Place these steps in the correct incident response order: isolate affected systems, identify the vulnerability, restore from backup, document lessons learned.
PBQ Example 5: Given a list of firewall log entries, identify which entries indicate a port scan and which indicate a DoS attack.
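Example 5 asks you to separate port-scan entries from DoS entries in a firewall log. The following added example (not part of the original page) shows one way to do that mechanically: group entries by source address, then flag a source that touches many distinct destination ports as a scan and a source that hammers one port with a high packet count as a flood. The log line format, the addresses and the thresholds are constructed assumptions for the exercise.

```python
"""Classify firewall log entries per source: port scan vs DoS flood vs benign."""
import re
from collections import defaultdict

# Constructed log format (assumption): "<ts> <action> src=<ip> dst=<ip> proto=<p> dpt=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+src=(?P<src>[\d.]+)\s+"
    r"dst=(?P<dst>[\d.]+)\s+proto=(?P<proto>\w+)\s+dpt=(?P<dpt>\d+)$"
)

# Thresholds are assumptions for the exercise; tune them per environment in practice.
SCAN_MIN_PORTS = 10      # distinct destination ports seen from one source
FLOOD_MIN_PACKETS = 100  # packets from one source to a single destination port

def parse(lines):
    """Yield a dict per parseable line; skip malformed lines instead of crashing."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def classify(lines):
    """Return {src_ip: 'port_scan' | 'dos' | 'benign'} from simple per-source stats."""
    ports = defaultdict(set)      # src -> set of distinct destination ports
    per_port = defaultdict(int)   # (src, dpt) -> packet count
    for e in parse(lines):
        ports[e["src"]].add(e["dpt"])
        per_port[(e["src"], e["dpt"])] += 1
    verdict = {}
    for src, seen in ports.items():
        if len(seen) >= SCAN_MIN_PORTS:
            verdict[src] = "port_scan"   # many ports, few packets each
        elif max(per_port[(src, p)] for p in seen) >= FLOOD_MIN_PACKETS:
            verdict[src] = "dos"         # one port hit repeatedly
        else:
            verdict[src] = "benign"
    return verdict

def sample_log():
    """Constructed sample: one scanner, one flooder, one normal client, one bad line."""
    fmt = "2024-05-01T10:00:{:02d} DROP src={} dst=192.0.2.10 proto=TCP dpt={}"
    scan = [fmt.format(i % 60, "203.0.113.5", 20 + i) for i in range(20)]
    flood = [fmt.format(i % 60, "198.51.100.7", 443) for i in range(150)]
    normal = [fmt.format(i, "192.0.2.55", 443) for i in range(3)]
    return scan + flood + normal + ["garbage line that does not parse"]

if __name__ == "__main__":
    for src, label in sorted(classify(sample_log()).items()):
        print(f"{src:<15} {label}")
```

The same per-source grouping generalises to the Example 9 case (many failures then one success) by counting outcomes per source instead of ports.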
Incident Response and Forensics PBQs
PBQ Example 6: Order the NIST incident response lifecycle phases correctly: Detection & Analysis, Post-Incident Activity, Preparation, Containment/Eradication/Recovery.
PBQ Example 7: Given a forensic acquisition scenario, select the correct order of steps: hash the original drive, create a forensic image, verify the image hash, analyze the image.
PBQ Example 8: A user reports a phishing email. Select the three correct actions from a list of six options.
PBQ Example 9: Given a SIEM alert showing multiple failed logins followed by a successful login from a foreign IP address, select the correct incident classification and initial response.
PBQ Example 10: Arrange the chain of custody documentation steps in the correct order.
Encryption and PKI PBQs
PBQ Example 11: Drag each encryption algorithm to its correct category: AES (symmetric), RSA (asymmetric), SHA-256 (hashing), 3DES (symmetric), ECC (asymmetric).
PBQ Example 12: Order the steps of a TLS handshake correctly: client hello, server certificate, key exchange, encrypted communication.
PBQ Example 13: Given a scenario where a certificate is revoked, select the correct mechanism (CRL or OCSP) and explain why.
PBQ Example 14: Place the PKI hierarchy components in correct order: Root CA, Intermediate CA, End-Entity Certificate.
PBQ Example 15: A certificate has expired. Select the correct actions to resolve the issue from a list of options.
Access Control and IAM PBQs
PBQ Example 16: Given a list of user access requirements, assign each user to the correct RBAC role (Administrator, Auditor, User).
PBQ Example 17: Order the authentication process steps for Kerberos: obtain TGT, request service ticket, authenticate to KDC, access service.
PBQ Example 18: Select the correct MFA combination for a given security requirement (e.g., password + TOTP, smart card + PIN).
PBQ Example 19: Given an access control scenario, identify whether MAC, DAC, RBAC, or ABAC is being used.
PBQ Example 20: Configure a PAM system to grant temporary admin access for a specific maintenance window.
Tips for PBQ Success
Read the instructions carefully — PBQs have specific interaction methods (drag-and-drop, select from list, order steps, fill in blanks).
Flag PBQs and attempt them first while you have the most time, or skip and return — whichever you prefer during practice.
Don't leave PBQs blank — partial credit may be possible.
Focus on PBQ topics that appear most frequently: firewall configuration, incident response ordering, and forensic steps.
Practice with PBQ simulators to get comfortable with the interactive format before exam day.