Quick answer: Security+ PBQs are harder because they force prioritization under time pressure, not because they require lab skills
On SY0-701, CompTIA says the exam includes a maximum of 90 questions, a mix of multiple-choice and performance-based questions, in 90 minutes, using a passing score of 750 on a 100-900 scale. A performance-based question can eat the same time as five multiple-choice items if you freeze. The people who fail PBQs usually do not lack knowledge — they lack a repeatable way to triage the prompt.
What does CompTIA officially say about SY0-701?
- Exam code: SY0-701
- Launch date: November 7, 2023
- Question volume: maximum of 90
- Question types: multiple-choice plus performance-based questions
- Time limit: 90 minutes
- Passing score: 750 on a 100-900 scale
- Retail price: $404 as of January 2025 — verify current checkout pricing before purchasing a voucher
CompTIA's current exam objectives break the blueprint into five domains:
- General security concepts: 12%
- Threats, vulnerabilities, and mitigations: 22%
- Security architecture: 18%
- Security operations: 28%
- Security program management and oversight: 20%
That weighting matters for PBQs: even when a prompt looks network-heavy, it often pulls from Security Operations because that domain is the largest at 28%.
What does a Security+ PBQ usually look like?
A PBQ rarely asks you to invent. It asks you to identify, order, configure, match, or choose the best control in a realistic administrative context. You are usually seeing one of four patterns:
- Place the right control in the right location
- Choose the best remediation sequence
- Interpret indicators and map them to the right response
- Apply access-control, segmentation, or hardening logic to a scenario
A repeatable approach to thinking through any PBQ
Step 1: identify the real task verb
If the prompt says configure, do not waste time investigating every screen. If it says prioritize, you are being tested on ordering logic. Many lost points come from solving the wrong problem.
Step 2: anchor to the domain
Ask which domain the prompt feels closest to. A firewall-rule PBQ may still be about operations, not architecture. A data-handling PBQ may be about program management and oversight if the real issue is policy, classification, or governance.
Step 3: eliminate insecure-but-convenient actions
Security+ loves answers that would work but violate baseline good practice. The exam is written for the best security answer, not the fastest operational shortcut.
Step 4: preserve the most important risk principle first
If the scenario involves exposed access, over-broad permissions, flat network trust, or unvalidated changes, fix the risk that meaningfully reduces exposure first.
Four realistic PBQ-style examples with explanations
Example 1: VLAN and segmentation
Prompt style: Drag departments into the correct network segments and choose the best communication rule between them.
What the exam is testing: Least privilege, segmentation, and separation of sensitive systems.
Best thinking pattern: Put high-risk assets and sensitive admin functions behind tighter segmentation. Do not leave management interfaces and user devices sharing casual trust paths.
Why people miss it: They think in org-chart terms instead of trust-boundary terms.
Example 2: incident-response ordering
Prompt style: Order the team's next four steps after suspicious outbound activity is detected.
What the exam is testing: Detection, containment discipline, and evidence preservation.
Best thinking pattern: Confirm indicators, contain appropriately, preserve evidence, then move into eradication and recovery. A common wrong answer jumps straight to deleting artifacts.
Example 3: access control assignment
Prompt style: Assign the correct authentication or authorization method to several users or systems.
What the exam is testing: MFA logic, role-based access control, and administrative separation.
Best thinking pattern: Match the strongest practical control to the highest-risk role, especially privileged access.
Example 4: server or network hardening
Prompt style: Select settings that reduce risk on a server or wireless network.
What the exam is testing: Secure baselines, protocol choice, and configuration hygiene.
Best thinking pattern: Disable what is unnecessary, prefer stronger protocols, reduce exposure where possible, avoid convenience configurations.
Three direct sample questions with answer explanations
Question 1
Question: A PBQ asks you to segment guest Wi-Fi, internal user traffic, and finance systems. Which principle should guide the layout?
Answer: Separate based on trust and sensitivity, not just physical location or team ownership.
Explanation: Finance and administrative systems should not share broad access with guest or general user networks.
Question 2
Question: A host shows signs of compromise. Answer options include deleting suspicious files immediately, imaging the system and collecting relevant logs, and restarting services to restore uptime. Which is strongest first?
Answer: Preserve evidence and follow containment logic rather than destroying artifacts.
Explanation: Security+ repeatedly rewards disciplined response, not panic cleanup.
Question 3
Question: A PBQ asks which controls best protect an administrator account used for remote system management. What combination should you prefer?
Answer: Strong authentication, limited access scope, and separation from routine end-user activity.
Explanation: The exam often bundles least privilege, privileged access hygiene, and monitoring expectations into one scenario.
Most common SY0-701 failure points
- Candidates memorize acronyms but cannot choose between similar controls in context.
- They neglect the blueprint weighting and underprepare Security Operations at 28%.
- They treat PBQs as special labs instead of scenario-based decision questions.
- They run out of time because they never practice making a first-pass decision under pressure.
Exam details verified against CompTIA's official Security+ page as of March 2026. Pricing and exam retirement timing can change — confirm current details before purchasing a voucher.
What should you do next?
Our Security+ study guide includes the full five-domain breakdown, PBQ walk-throughs, a ports-and-protocols memory sheet, and a 6-week plan built around CompTIA's actual blueprint weights.
If you want adaptive practice, SimpuTech's Security+ AI tutor can give you PBQ-style scenarios, explain why one remediation order is better than another, and build a personalized plan around the domains you are missing most often. Try it at SimpuTech.com