You've heard PBQs are the hardest part of CompTIA exams. Candidates talk about them in hushed tones on r/CompTIA. Study guides warn you about them in a single paragraph, then move on. But what actually is a PBQ? If you're new to CompTIA or just starting your study journey, the uncertainty about this one question can loom over your entire prep — and go into the exam unresolved.
This guide answers it plainly. By the end, you'll know exactly what a performance-based question is, how it works on exam day, what types appear on Security+ and Network+, why they catch so many candidates off guard, and how to prepare so they don't catch you. No fluff — just what you need to know before you sit down for your exam.
What Does PBQ Stand For?
PBQ stands for Performance-Based Question. It's CompTIA's term for interactive exam items that simulate real-world IT tasks inside the exam environment.
Traditional multiple-choice questions test whether you can recall or recognize information. PBQs test whether you can actually do something — configure a firewall, read a network diagram, troubleshoot a CLI session, or assign correct certificates in a PKI hierarchy. The difference is significant. Reading about how a thing works is a different cognitive skill from executing it under time pressure.
CompTIA introduced PBQs to close the gap between certification and job readiness. An employer hiring a Security+ or Network+ holder wants confidence that the person can handle real tasks, not just ace a trivia test. PBQs are CompTIA's attempt to make certification meaningful at the practical level. They've been part of the exam format for over a decade and have become progressively more realistic with each version update.
How PBQs Work on Exam Day
Knowing the mechanics before you sit down removes a layer of cognitive load on exam day. Here's exactly what to expect:
- They appear at the start of the exam. PBQs load before the standard multiple-choice questions. Most candidates see them as the very first items in their session.
- Most candidates skip them and return at the end. This is the standard strategy — flag PBQs, move through all MCQs first, then return. You bank time on faster questions and build confidence before tackling the interactive items. (More on this below.)
- They run inside a simulated environment. Depending on the PBQ type, you might be dragging and dropping components onto a diagram, typing commands into a simulated CLI, filling in configuration fields in a GUI, or labeling elements in a network topology. The environment varies by question.
- You'll typically see 3–6 PBQs per exam. The exact number varies by exam version and test form. Security+ SY0-701 typically has 3–5; Network+ N10-009 tends to have 4–6.
- Partial credit is possible. PBQs aren't always all-or-nothing. Some questions have multiple sub-tasks, and you can earn partial credit for completing some correctly even if others are wrong. This makes partial completion better than skipping entirely — always attempt something.
Key mechanic: PBQs do not have a time limit separate from the overall exam. You have the same total pool of time for everything. A complex PBQ can take 5–15 minutes, which is why the skip-and-return strategy exists.
PBQ Examples by Exam
The specific PBQ types you'll face depend on which exam you're taking. Here's a breakdown of what appears most frequently on the two most popular CompTIA certifications.
Security+ SY0-701 PBQ Examples
- Firewall rule configuration — Create or modify ACL rules to allow or block specific traffic based on IP, port, and protocol. You might be given a policy and asked to implement it in a simulated firewall interface.
- VPN / IPSec setup — Configure tunnel parameters for a site-to-site or remote-access VPN. This includes matching Phase 1 and Phase 2 settings: IKE version, encryption algorithm, hashing, and authentication method.
- Log analysis — Read through a SIEM or server log dump and identify an infected host, attack type, or anomalous event. You'll be looking for patterns like brute-force attempts, C2 callbacks, or privilege escalation events.
- PKI / certificate tasks — Manage certificate lifecycle, configure trust chains, identify certificate errors (expired, self-signed, untrusted), or set up OCSP/CRL correctly.
- Cloud security architecture — Drag WAFs, load balancers, firewalls, and security groups into the correct positions in a three-tier cloud architecture diagram.
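For the log analysis task type in the list above, an added practice example (not from the original guide or from CompTIA): detection logic that flags a source address with a burst of failed SSH logins and reports any successful login that follows. The log lines are constructed in OpenSSH style, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real data); addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 web01 sshd[811]: Failed password for root from 198.51.100.23 port 50112 ssh2
2024-05-01T10:00:03 web01 sshd[811]: Failed password for invalid user test from 198.51.100.23 port 50114 ssh2
2024-05-01T10:00:05 web01 sshd[811]: Failed password for admin from 198.51.100.23 port 50116 ssh2
2024-05-01T10:00:06 web01 sshd[902]: Failed password for alice from 192.0.2.10 port 41200 ssh2
2024-05-01T10:00:07 web01 sshd[811]: Failed password for admin from 198.51.100.23 port 50118 ssh2
2024-05-01T10:00:09 web01 sshd[811]: Failed password for admin from 198.51.100.23 port 50120 ssh2
2024-05-01T10:00:11 web01 sshd[811]: Failed password for admin from 198.51.100.23 port 50122 ssh2
2024-05-01T10:00:20 web01 sshd[902]: Accepted password for alice from 192.0.2.10 port 41202 ssh2
2024-05-01T10:00:31 web01 sshd[811]: Accepted password for admin from 198.51.100.23 port 50124 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src_ip: {"failures": n, "compromised": [(user, host), ...]}}.

    A source is flagged once it has `threshold` failures inside `window`;
    any later successful login from a flagged source is listed as compromised.
    """
    failures = defaultdict(list)   # src -> timestamps of failed logins
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue               # ignore lines that are not password events
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["result"] == "Failed":
            failures[src].append(ts)
            recent = [t for t in failures[src] if ts - t <= window]
            if len(recent) >= threshold:
                entry = findings.setdefault(src, {"failures": 0, "compromised": []})
                entry["failures"] = max(entry["failures"], len(recent))
        elif src in findings:      # success right after a flagged burst
            findings[src]["compromised"].append((m["user"], m["host"]))
    return findings

if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

A single mistyped password followed by a success (the `alice` lines) stays below the threshold and is not reported.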
Network+ N10-009 PBQ Examples
- Subnetting / CIDR calculations — Given a network address and requirements, calculate and assign correct subnets. These can be fill-in-the-blank or drag-and-drop format.
- Network diagram configuration — Place routers, switches, access points, and other devices correctly in a topology, or identify misconfigurations in an existing diagram.
- CLI troubleshooting — Use simulated command-line output from tools like `ping`, `tracert`, `ipconfig`, and `netstat` to diagnose a connectivity issue and identify the root cause.
- VLAN configuration — Assign ports to VLANs, configure trunk links, and verify inter-VLAN routing settings in a simulated switch interface.
- Wireless setup scenarios — Configure SSID, channel selection, security mode (WPA3, WPA2), and authentication settings for a wireless deployment scenario.
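For the subnetting task type in the list above (a network address plus host requirements), an added example for checking hand-worked answers, not taken from the original guide or from CompTIA. It goes slightly beyond a single calculation by allocating several variable-length subnets at once; the function name and the sample requirements are assumptions.

```python
import ipaddress

def vlsm_allocate(parent_cidr, host_requirements):
    """Assign the smallest fitting IPv4 subnet to each segment, largest first.

    host_requirements maps a segment name to the usable hosts it needs.
    Returns {name: IPv4Network}; raises ValueError if the parent is too small.
    """
    parent = ipaddress.IPv4Network(parent_cidr, strict=True)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    # Largest block first keeps every subnet aligned to its own size.
    for name, hosts in sorted(host_requirements.items(), key=lambda kv: -kv[1]):
        # +2 reserves the network and broadcast addresses of the subnet.
        size = 1 << (hosts + 1).bit_length()      # next power of two >= hosts + 2
        prefix = 32 - (size.bit_length() - 1)
        cursor = (cursor + size - 1) // size * size   # round up to a block boundary
        if cursor + size > end:
            raise ValueError(f"{parent} has no room left for {name} ({hosts} hosts)")
        plan[name] = ipaddress.IPv4Network((cursor, prefix))
        cursor += size
    return plan

# Constructed practice scenario (hypothetical segment names and sizes).
REQUIREMENTS = {"Engineering": 50, "WAN link": 2, "Sales": 100, "Guest": 25}

if __name__ == "__main__":
    for name, net in vlsm_allocate("192.168.10.0/24", REQUIREMENTS).items():
        first, last = net.network_address + 1, net.broadcast_address - 1
        print(f"{name:12} {net}  mask {net.netmask}  hosts {first} - {last}")
```

Work the scenario on paper first, then compare the prefix length, mask and usable range of each segment with the output.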
Why PBQs Trip Up So Many Candidates
Based on consistent reports from r/CompTIA and CompTIA study communities, PBQs are the single most common surprise on exam day. Here's why:
- Most study materials focus almost entirely on MCQs. Flashcard apps, video courses, and practice test banks are optimized for multiple-choice. PBQ practice is an afterthought in most prep resources. Candidates spend 90% of their time on MCQs and then face 3–6 interactive tasks they've never actually practiced.
- Reading about a task is completely different from doing it. You can know exactly what a firewall ACL does and still freeze when confronted with a simulated interface and a 10-minute clock. Procedural memory — the kind built through repetition and practice — doesn't develop from reading. It develops from doing.
- Time pressure amplifies the difficulty. A PBQ that might take 20 minutes with no time constraint becomes much harder when you're 45 minutes into an exam and watching your remaining time. Candidates who haven't practiced under pressure often spend too long on a single PBQ and run short on time for the rest.
- Unfamiliar interfaces add cognitive load. Even if you know the content, navigating a simulated GUI or CLI you've never seen before burns mental energy. Candidates who've spent time with real tools recognize the interface patterns immediately; those who haven't have to figure out the interface and the task simultaneously.
The consistent takeaway from the CompTIA community: PBQs aren't harder than the MCQs in terms of subject matter. They're harder because most candidates don't practice the right format.
How to Actually Prepare for PBQs
Preparation for PBQs is straightforward once you understand what you're actually building: not more knowledge, but practical fluency with specific scenario types.
- Practice the scenario types, not just the concepts. Don't just study what a firewall ACL does — configure one. Don't just read about subnetting — do the math on real IP ranges until it's automatic. The goal is procedural memory, and that only comes from repetition.
- Use free tools. Cisco Packet Tracer (free download) covers a huge range of Network+ PBQ scenarios. For Security+, a free VirtualBox VM running Linux lets you practice iptables, OpenSSL, and CLI tasks. Browser-based terminals require no local setup at all.
- Know the skip-and-return strategy. When you hit PBQs at the start of the exam, flag them and move on. Complete all MCQs first. Return to PBQs with your remaining time. You'll be warmer, more confident, and you've protected yourself from burning 20 minutes on one question at the start.
- Use the `help` command in CLI simulations. CompTIA's CLI simulations typically support the `help` command and the `?` operator. If you blank on exact syntax, try it. This is realistic behavior — real admins use help too.
- Always attempt partial completion. If a PBQ has five sub-tasks and you can only confidently do three, do the three. Partial credit is real. A blank answer guarantees zero points.
We built a hands-on lab workbook specifically for this. The Security+ PBQ Lab Guide walks you through 12 real PBQ scenarios — firewall configs, VPN setup, log analysis, PKI, and cloud architecture — step by step. No environment setup required.
Quick Reference: PBQ Facts
Use this table as a reference when planning your study schedule.
| | Security+ SY0-701 | Network+ N10-009 |
|---|---|---|
| Typical PBQ count | 3–5 | 4–6 |
| PBQ types | Firewall, VPN, logs, PKI, cloud | Subnetting, CLI, diagrams, VLAN, wireless |
| Typical time per PBQ | 5–15 minutes | 5–12 minutes |
| Partial credit | Yes (multi-task PBQs) | Yes (multi-task PBQs) |
| Best prep | Lab scenarios + VM practice | Subnetting drills + CLI practice |
Conclusion
PBQs aren't as scary as their reputation suggests — once you've actually practiced them. The format is unfamiliar, the interface can be disorienting under time pressure, and most study materials don't prepare you for them. But the subject matter is the same content you're already studying. The only difference is you're being asked to do it rather than describe it. That gap is completely closeable with the right kind of practice.
The candidates who struggle on exam day aren't less intelligent or less prepared than those who pass. They just spent their prep time on the wrong format. Fix that one thing — add hands-on scenario practice to your study plan — and PBQs stop being a threat and start being the questions you feel most confident about. Grab a free sample from the Security+ PBQ Lab Guide or the Network+ PBQ Lab Guide to see exactly what that practice looks like.