Free Security+ PBQ Library (SY0-701)
25 Realistic Performance-Based Question Labs — Exact Exam Format
PBQs appear first on the real exam, carry 2–2.5× the weight of MCQs, and cause panic in 80% of test-takers. Our labs use drag-and-drop, config forms, and partial credit — exactly like the real thing.
Secure AI / RAG Configuration
Configure a GenAI/RAG pipeline with safety guardrails, toggle security controls, and identify threat mitigations for prompt injection, data poisoning, and model inversion.
Zero Trust Architecture
Place ZTA controls (ZTNA, micro-segmentation, CASB, PAM, continuous auth, JIT) into the correct network zones and answer trade-off questions.
PKI & Cryptography
Build a certificate chain (Root→Intermediate→Leaf), select correct crypto algorithms for use cases, and flag certificates for revocation.
Advanced Linux Hardening
Fix a breached Linux server: repair sshd_config, configure fail2ban jail, set UFW firewall rules, and answer consequence questions about interdependent changes.
BCDR Step Ordering & Trade-offs
Order DR recovery steps, configure RTO/RPO/backup frequency and DR site type within budget constraints, and answer BCDR trade-off questions.
SIEM Rule & Alert Correlation
Select the correct Sigma detection rule, classify alerts to MITRE ATT&CK stages, identify the earliest containment point, and choose the correct SOAR response for a ransomware attack.
Firewall ACL Rules
Configure firewall access control list rules to allow HTTP/HTTPS traffic and restrict database access using least privilege.
Advanced Firewall Configurator
Build a complete firewall ruleset with direction, protocol, CIDR sources, ports, and implicit deny-all policy.
IDS/IPS Alert Analysis
Classify network security alerts as true/false positives or negatives, and select the correct Snort IPS rule action.
Incident Response Phases
Order the 6 NIST incident response phases (PICERL) and classify security actions into the correct phase.
Security Log Analysis
Analyze security logs from 4 hosts to identify the malware origin, infected machines, and clean workstations.
Network Security Diagram
Place security controls (firewall, WAF, IDS, NAC, SIEM, DLP) in the correct positions within a defense-in-depth architecture.
Subnetting Lab
Calculate subnet details (network ID, mask, first/last usable, broadcast) and assign departments using VLSM.
System Hardening
Harden a Linux server: disable unnecessary services, configure SSH securely, and set PAM password policies per CIS benchmarks.
Wireless AP Configuration
Configure an enterprise wireless access point with WPA3, 802.1X/EAP-TLS authentication, and proper security toggles.
PBQ Strategy for the Real Exam
PBQs are at the start. Mark them and answer MCQs first — then return with full confidence.
You earn credit for each correct component. Never leave a PBQ blank — partial credit adds up.
Budget 5-10 minutes per PBQ on the real exam. Practice here to build speed.
PBQs test Domains 3 (Architecture) and 4 (Operations) most heavily — 46% of the exam.