The Security Fundamentals Professional Certification (SFPC) is a professional credential awarded by the Center for Development of Security Excellence (CDSE), the primary security education and certification body for the U.S. Department of Defense. The SFPC validates foundational competency across the core disciplines of national security and industrial security programs โ including personnel security, physical security, information security, operations security, and risk management. It is designed for DoD security professionals, cleared contractors, and government employees who are early in their security careers or transitioning into security specialist roles.
This free SFPC practice test PDF is built for candidates preparing for the CDSE SFPC certification exam. The PDF covers all major exam domains, presents questions in the format used on the actual examination, and includes answer explanations to help you understand the reasoning behind each correct answer. Print this PDF and use it alongside CDSE's official courseware and the DoD Security Professional Education Development (SPeD) certification program materials for a complete exam preparation strategy.
Personnel security is the set of policies, procedures, and controls used to ensure that individuals granted access to classified information or sensitive positions are trustworthy, reliable, and loyal to the United States. The personnel security domain on the SFPC exam covers the entire lifecycle of a security clearance: initial investigation, adjudication, periodic reinvestigation, and clearance termination. Candidates must understand the types of background investigations (Tier 1 through Tier 5), the 13 adjudicative guidelines used to evaluate clearance eligibility, and the Continuous Evaluation (CE) program that monitors cleared personnel between periodic reinvestigations.
Key personnel security concepts include the National Industrial Security Program (NISP), administered under the National Industrial Security Program Operating Manual (NISPOM), and the roles of the Defense Counterintelligence and Security Agency (DCSA, formerly DSS) in overseeing cleared contractor security programs. Candidates should also understand the responsibilities of Facility Security Officers (FSOs), the procedures for reporting adverse information under NISPOM, and the insider threat program requirements that were codified in the 2012 Presidential Memorandum and subsequent DoD Instruction 5240.26.
The physical security domain covers the use of barriers, access controls, security systems, and procedural measures to protect classified information, facilities, personnel, and assets from unauthorized access, damage, or theft. SFPC candidates must understand the five layers of physical security (deterrence, detection, delay, response, and recovery), the requirements for Closed Areas, Restricted Areas, and Sensitive Compartmented Information Facilities (SCIFs), and the standards governing intrusion detection systems (IDS) and alarm response times.
Physical security questions on the SFPC exam frequently address construction standards for secure rooms under the ICD 705 technical specifications, requirements for two-person integrity (TPI) in high-security storage environments, GSA-approved containers and vault standards for classified material storage, and visitor control procedures for cleared facilities. Emergency action plans, continuous monitoring requirements, and the role of security forces in responding to physical security incidents are also tested. The SFPC exam requires practical application of these standards โ not just recall of the regulations โ so understanding the reasoning behind physical security layers is as important as memorizing the rules.
Information security covers the classification, handling, transmission, storage, and destruction of classified national security information (CNSI). The governing framework is Executive Order 13526, Classified National Security Information, along with its implementing directives from the Information Security Oversight Office (ISOO). SFPC candidates must know the three classification levels (Confidential, Secret, Top Secret), the criteria for original classification authority (OCA) designations, derivative classification responsibilities, and the required markings for classified documents including portion markings, overall classification markings, declassification instructions, and dissemination control markings.
Information security also covers the handling requirements for Controlled Unclassified Information (CUI) under the CUI Program established by Executive Order 13556 and the National Archives CUI Registry. Additional tested areas include the procedures for authorized transmission of classified information (ARFCOS, DSTS, secure fax), sanitization and destruction requirements for classified media (NSA-approved degaussers, disintegrators, and shredders by classification level), and the requirements for classified information systems under the Risk Management Framework (RMF) and DoD Instruction 8510.01.
Operations Security (OPSEC) is a five-step process for identifying and protecting critical information that adversaries could use to build an accurate picture of friendly intentions and capabilities. The five steps are: (1) identify critical information, (2) analyze threats, (3) analyze vulnerabilities, (4) assess risk, and (5) apply countermeasures. SFPC candidates must understand how OPSEC integrates with other security disciplines, the role of the OPSEC program manager, and how OPSEC assessments are conducted and documented per NSDD-298 and DoD Directive 5205.02E.
Technical Surveillance Countermeasures (TSCM) refers to the techniques used to detect and neutralize technical surveillance devices โ such as hidden microphones, transmitters, and other eavesdropping equipment โ in sensitive facilities and during sensitive discussions. The SFPC exam covers the circumstances under which TSCM surveys are required (new SCIFs, after a security incident, before particularly sensitive meetings), the roles of authorized TSCM teams, and the reporting chain when a technical threat is discovered. Risk management questions integrate across all domains: candidates must apply the DoD Risk Management Framework to evaluate security vulnerabilities, determine residual risk, and select cost-effective countermeasures that bring risk to an acceptable level.
Security policy questions on the SFPC exam address the regulatory hierarchy governing DoD security programs. At the top is the National Security Act and executive orders (EO 12333, EO 13526, EO 13556). Below that are national-level directives from the Director of National Intelligence (ICD series), followed by DoD-level issuances (DoDD, DoDI, DoD Manual series), and finally component-level (Service or Agency) implementing instructions. SFPC candidates must be able to identify which level of authority governs a given security requirement and understand how conflicts between levels are resolved.
The DoD Security Professional Education Development (SPeD) certification program organizes professional development for security specialists into a tiered structure. The SFPC is the foundational tier, designed for professionals with 0โ3 years of experience. It is followed by the Security Asset Protection Professional Certification (SAPPC) for mid-career professionals and the Security Program Integration Professional Certification (SPIPC) for senior security managers responsible for enterprise-level programs. The SFPC certification signals to hiring managers in the cleared contractor community and the federal government that a candidate has verified foundational competency across all seven CDSE security disciplines โ a recognized baseline for security specialist, security analyst, and FSO positions in the DoD industrial base.
Passing the SFPC exam requires both regulatory knowledge and the ability to apply security policies to realistic scenarios under time pressure. Use this printable PDF for offline domain review and question practice, then sharpen your test-day readiness with the interactive online SFPC practice test on PracticeTestGeeks. The online quizzes include timed modes, detailed answer explanations, and performance tracking by domain so you can focus your remaining study time on the areas where you need the most improvement.