HPE7-A02 Exam Training Course Study Plan

Structured module learning model: Each knowledge point follows the following 4 steps

Goal-oriented learning - clarify the module focus + output standards

Content decomposition practice - use 1 Pomodoro to master the concept + give examples

Active recall consolidation - retell on the second day + quick test

Task output acceptance - complete 1 "output" task on the third day (such as: write a summary, draw a process, simulate explanation)

WEEK 1 STUDY PLAN (Day 1–7)

Main Focus: Mastering foundational security concepts — Security Terminology + Device Hardening (Management & Control Plane)

WEEK 1 GOALS:

• Understand and internalize the CIA Triad and AAA model

• Grasp the principles of Zero Trust and Dynamic Segmentation

• Learn key terminology like CVE, attack surface, IDS/IPS

• Begin learning management and control plane hardening methods

• Produce at least 3 pieces of "active output" (diagrams, notes, teaching scripts)

DAY 1 – Confidentiality (CIA Triad Part 1)

Objective: Understand the concept of confidentiality in network security, and how encryption and access control enforce it.

Tasks:

1. Read and summarize what "confidentiality" means in network security.

2. List 3 technologies used to achieve it (e.g., AES encryption, RBAC, VLANs).

3. Draw a simple diagram showing data flow with and without encryption.

4. Write one paragraph explaining why confidentiality matters in enterprise Wi-Fi access.

Study Method:

• Pomodoro 1: Reading + summarizing (20–25 mins)

• Pomodoro 2: Diagram drawing + personal reflection writing

• End-of-day: Say the definition out loud from memory (active recall)

DAY 2 – Integrity & Availability (CIA Triad Part 2)

Objective: Learn how to maintain data integrity and service availability, using hashing, signatures, MACsec, redundancy, and CoPP.

Tasks:

1. Define "integrity" and "availability" in your own words.

2. Study MACsec and write its purpose and implementation level.

3. List 2 examples each of redundancy and CoPP strategies.

4. Draw a side-by-side comparison: What fails without integrity vs without availability?

Study Method:

• Pomodoro 1: Concept comparison and flashcard creation

• Pomodoro 2: Diagram + real-world use case examples

• Evening: Review Day 1 concepts using flashcards (spaced repetition)

DAY 3 – AAA (Authentication, Authorization, Accounting)

Objective: Understand how Aruba networks implement AAA using ClearPass and RADIUS/TACACS+, and the structure of downloadable roles.

Tasks:

1. Read about the AAA framework and explain it using an airport analogy.

2. Sketch the user authentication flow in an Aruba network: 802.1X → RADIUS → Role.

3. Create a chart comparing Authentication vs Authorization vs Accounting.

4. Watch a ClearPass user role demo or video (optional) and take notes.

Study Method:

• Pomodoro 1: Concept digestion + drawing flow

• Pomodoro 2: Role breakdown and component explanation

• End-of-day active recall: Recite the AAA process out loud

DAY 4 – Zero Trust & Dynamic Segmentation

Objective: Understand the principles of Zero Trust and how Aruba applies user-based tunnels and gateway enforcement.

Tasks:

1. Define "Zero Trust" and compare it to perimeter-based security.

2. Draw the traffic flow: device connects → classified → tunneled → policy enforced.

3. Create a short paragraph describing why Dynamic Segmentation simplifies access control.

4. Practice explaining Zero Trust to a non-technical person.

Study Method:

• Pomodoro 1: Study and sketch Aruba UBT architecture

• Pomodoro 2: Write 2 scenarios comparing VLAN segmentation vs DS

• End-of-day output: Record yourself (audio or video) giving a 1-minute explanation

DAY 5 – Security Terminology Deep Dive

Objective: Learn and retain key security vocabulary relevant to threat detection and policy control.

Tasks:

1. Create flashcards for: attack surface, exploit, vulnerability, risk, IDS/IPS, CVE.

2. Read one real CVE example and write down what type of flaw it was.

3. Explain how the MITRE ATT&CK matrix helps in threat detection.

4. Write a 5-question mini quiz using the terms you just learned.

Study Method:

• Pomodoro 1: Flashcard creation + CVE example research

• Pomodoro 2: Quiz writing and personal term recall

• Review: Shuffle cards and test yourself on 10 terms before sleep

DAY 6 – Management Plane Protection (SSH, HTTPS, ACLs)

Objective: Learn how to protect Aruba device management interfaces and prevent unauthorized configuration access.

Tasks:

1. Study SSHv2 key-based access. Write the commands to enable it and disable Telnet.

2. Diagram a secure management architecture using VRF + ACLs + HTTPS.

3. Create a checklist: “5 things to do to secure Aruba switch management access.”

4. Briefly explain why self-signed certificates are a security risk.

Study Method:

• Pomodoro 1: CLI syntax + diagram work

• Pomodoro 2: Summary writing and checklist design

• Review: Recite the five hardening steps from memory

DAY 7 – Review Day: Days 1–6 Content Consolidation

Objective: Actively recall and reinforce everything from this week to anchor long-term memory.

Tasks:

1. Do a 15-minute no-notes recall: Write down every concept you remember from Days 1–6.

2. Self-check: Compare your output with your actual notes. Highlight missing areas.

3. Do 10 practice multiple-choice questions (mix of topics).

4. Write a short reflection: "Which topics felt hardest? What helped you understand better?"

Study Method:

• Pomodoro 1: Active recall + gap fill

• Pomodoro 2: Practice quiz + reflection writing

• Evening task: Re-review any flashcards marked “difficult” in Anki/Quizlet

End of Week 1 Outcome:

• Fully grasp CIA, AAA, Zero Trust

• Learn and use 10+ core security terms

• Know how to secure SSH/HTTPS management access

• Produce: 3 diagrams, 2 summaries, 1 quiz, and 1 role-based flowchart

• Build spaced repetition base for next review checkpoints (Day 14, 21, 30)

---

WEEK 2 STUDY PLAN (Day 8–14)

Main Focus:

• Complete Device Hardening module (data plane + firmware)

• Deep dive into WLAN threat detection (WIDS/WIPS)

• Understand secure wired access: 802.1X, MACsec, MAB

• Master Aruba’s UBT tunneling and infrastructure redundancy (VSX, CoPP)

WEEK 2 GOALS:

• Understand and apply data plane protection techniques like DHCP Snooping, DAI

• Learn how Aruba protects firmware integrity and config backup

• Identify and mitigate wireless attacks with WIPS

• Compare wired authentication methods and MACsec

• Understand user-based tunneling and infrastructure hardening principles

• Continue applying active recall and spaced repetition

DAY 8 – Data Plane Protection (ACLs, DHCP Snooping, DAI, IP Source Guard)

Objective: Understand edge protection mechanisms and their role in stopping spoofing and unauthorized access.

Tasks:

1. Read about each mechanism. Write one sentence each: what it does and how it protects the network.

2. Draw a logic flow for how a switch handles a new device connecting to an edge port.

3. Write CLI commands (in your own syntax) to enable DHCP Snooping on an interface.

4. List 3 attack scenarios these protections prevent.

Study Method:

• Pomodoro 1: Learn and draw the logic flow

• Pomodoro 2: CLI command practice + writing attack examples

• Before bed: Recite each protection’s goal from memory

DAY 9 – Firmware & File System Integrity (Secure Boot, Dual Image, Config Backups)

Objective: Learn how Aruba protects its own firmware and ensures network survivability.

Tasks:

1. Define “Secure Boot” and explain its role in trusted device operation.

2. Compare dual image upgrade with a regular image overwrite.

3. Write backup commands (SCP, USB, TFTP) and explain where backups should be stored securely.

4. Write a policy suggestion: “How often should configs be backed up? Why?”

Study Method:

• Pomodoro 1: Learn Secure Boot, dual image logic

• Pomodoro 2: Practice writing a backup strategy for an SMB Aruba network

• Evening task: Build a mini backup schedule with checkboxes

DAY 10 – Wireless Threats & WIPS (Evil Twin, KRACK, De-auth Flood, Beacon Flood)

Objective: Learn Aruba’s wireless IDS/IPS features and how they detect/respond to wireless-layer attacks.

Tasks:

1. Make a 4-column table: Threat Type | Description | Detection Method | Prevention Action

2. Review Aruba’s WIPS alerts (sample or documentation) and identify what’s actionable

3. Write a 1-minute “elevator pitch” explaining why WIPS is critical in a hospital or university

4. Optional: Watch Aruba WIPS demo and take quick notes

Study Method:

• Pomodoro 1: Study threat types + fill the table

• Pomodoro 2: Write scenarios (e.g., “Student sets up rogue AP”) and how WIPS responds

• End-of-day: Recite 3 threats and how Aruba detects them

DAY 11 – Wired Access Control (802.1X, MACsec, MAB, Captive Portal)

Objective: Compare wired authentication methods and understand MACsec’s role in Layer 2 security.

Tasks:

1. Create a comparison table: 802.1X | MAB | Captive Portal | MACsec

2. Sketch a wired port access flow: device connects → method → ClearPass → role

3. Write CLI logic to enable 802.1X fallback to MAB on an Aruba port

4. Write a paragraph: When should you use MACsec vs VLAN segmentation?

Study Method:

• Pomodoro 1: Method comparison + sketching

• Pomodoro 2: Command writing and scenario discussion

• End-of-day: Practice explaining wired onboarding to a colleague (or to yourself)

DAY 12 – UBT (User-Based Tunneling) & Downloadable Roles

Objective: Understand how Aruba extends policy from edge to gateway using UBT and dynamic roles.

Tasks:

1. Write out the full data path of a device using UBT: Port → Tunnel → Gateway → App ACL

2. Explain how ClearPass assigns downloadable roles dynamically.

3. Make a mini-scenario: “A security camera connects to port X. What happens next?”

4. List 3 benefits of using UBT vs traditional VLAN segmentation.

Study Method:

• Pomodoro 1: Review architecture + diagram UBT

• Pomodoro 2: Build and explain the camera scenario

• Use recall: Try explaining UBT without looking at notes

DAY 13 – VSX, CoPP, uRPF (Infrastructure Hardening)

Objective: Learn how Aruba hardens the network core using VSX (redundancy), CoPP (CPU protection), and uRPF (anti-spoofing).

Tasks:

1. Study VSX: Write 3 reasons why it improves HA in data center networks

2. Diagram VSX dual control plane and sync logic

3. Write a CoPP limiter rule for ICMP and LLDP

4. Explain uRPF in one paragraph: What does it block? When is it useful?

Study Method:

• Pomodoro 1: Study VSX and draw control plane flow

• Pomodoro 2: CoPP command logic + scenario writing (e.g., rogue ICMP flood)

• Review: Active recall for all 3 mechanisms

DAY 14 – Weekly Review & Integration

Objective: Consolidate all learning from Days 8–13 and check retention of key ideas and workflows.

Tasks:

1. Attempt to list all data plane protections from memory

2. Review your notes on UBT and try teaching it out loud

3. Take a 15-question mixed quiz (Device Hardening, WLAN Threats, Wired Auth)

4. Write a reflection log: What concepts felt solid? What needs reinforcement?

Study Method:

• Pomodoro 1: Active recall (write without notes) + compare

• Pomodoro 2: Quiz + reflection writing

• Evening: Use flashcards from this week’s terminology

End of Week 2 Outcome:

• Mastery of Device Hardening (all planes)

• Strong understanding of WLAN and wired access threats

• Ability to visualize and explain UBT and VSX

• Flashcard set: 25+ key terms reviewed

• Weekly quiz score to guide Week 3 reinforcement

---

WEEK 3 STUDY PLAN (Day 15–21)

Main Focus:

• Master SD-Branch architecture, IPsec tunneling, and path optimization

• Understand endpoint fingerprinting and classification strategies

• Begin building threat detection logic via logs, flows, and alerting systems

WEEK 3 GOALS:

• Confidently explain Aruba SD-Branch design and WAN health optimization

• Identify and differentiate passive vs active endpoint classification techniques

• Understand how ClearPass assigns roles and risk scores to endpoints

• Learn what Aruba monitors via syslog, NetFlow, and AI Insights

• Produce at least 3 analytical outputs (tables, flowcharts, summary notes)

DAY 15 – SD-Branch Architecture & IPsec Tunnels

Objective: Learn Aruba’s branch gateway behavior, how they register to Central, and build secure tunnels using IKEv2 and AES-GCM.

Tasks:

1. Sketch the SD-Branch topology: BGW → Aruba Central → Headend Gateway → Internet

2. Describe the tunnel establishment process using IKEv2 (steps + encryption standards)

3. Write a summary: “What does AES-GCM do in the tunnel context? Why 256-bit?”

4. Optional: Watch Aruba SD-Branch onboarding demo and take notes

Study Method:

• Pomodoro 1: Draw topology + IKEv2 flow

• Pomodoro 2: Summary writing and key encryption terminology review

• Active recall: Practice explaining tunnel setup to yourself or on paper

DAY 16 – Dynamic Path Selection & Central Policy Management

Objective: Understand how Aruba chooses WAN paths dynamically based on performance metrics, and how cloud-managed policies enforce routing and segmentation.

Tasks:

1. Define “jitter,” “latency,” and “packet loss” — how does Aruba measure and act on these?

2. Create a logic table: Metric threshold → Path behavior (e.g., switch from MPLS to LTE)

3. Write 2 policy examples managed via Aruba Central (e.g., VLAN-to-segment mapping, failover priority)

4. Explain why centralized policy control is important for multi-branch environments

Study Method:

• Pomodoro 1: Read and summarize Aruba’s path selection algorithm

• Pomodoro 2: Build examples and write logic chains

• End-of-day: Review path selection triggers using flashcards

DAY 17 – IPsec Encryption, Role Persistence, and WAN Edge Security

Objective: Learn how Aruba ensures secure data exchange across WAN and maintains identity context at the edge.

Tasks:

1. List Suite B cryptography components used in WAN tunnels

2. Define “role persistence” — how does ClearPass enforce policy consistently across branches?

3. Diagram: Device connects → Authenticates → Tunnel built → Role applied at headend

4. Write a scenario: “IoT sensor in Branch A must only talk to cloud server X. How is this enforced?”

Study Method:

• Pomodoro 1: Study encryption, roles, and policy enforcement

• Pomodoro 2: Scenario writing + diagramming

• Review: Quiz yourself on tunnel + role persistence steps

DAY 18 – Remote User Access: VIA VPN + ZTNA

Objective: Compare Aruba VIA client VPN to clientless ZTNA integrations; understand posture checks and federated access.

Tasks:

1. Diagram Aruba VIA VPN connection sequence (client → ClearPass → authentication → secure tunnel)

2. Define “posture check” and list 3 parameters it evaluates (AV, firewall, patch level)

3. Explain how third-party ZTNA solutions integrate with ClearPass

4. Write a policy logic: “Only users with healthy posture + AD group ‘Remote-IT’ can access CRM app”

Study Method:

• Pomodoro 1: Study Aruba VIA architecture

• Pomodoro 2: Write access policy logic + compare to ZTNA model

• Evening: Practice recall — What makes ZTNA different from traditional VPN?

DAY 19 – Passive Endpoint Classification (DHCP, MAC OUI, TCP/IP Stack)

Objective: Learn how Aruba passively classifies endpoints using traffic it already sees, without scanning or active probes.

Tasks:

1. Make a table comparing DHCP Option 55 vs Option 60 (purpose, format, value types)

2. Read MAC OUI examples and list 5 vendor prefixes (e.g., Apple, HP, Cisco)

3. Draw a TCP/IP fingerprinting flow showing how TTL, window size, etc., reveal OS traits

4. Write a paragraph: Why is passive classification safer for unmanaged networks?

Study Method:

• Pomodoro 1: Review all passive methods

• Pomodoro 2: Fill in example tables + diagrams

• End-of-day: Recite passive vs active differences from memory

DAY 20 – Active Classification (SNMP, NMAP, ClearPass OnGuard)

Objective: Understand how Aruba actively probes endpoints to gather deeper info — services, OS, health posture.

Tasks:

1. Write 2 examples of SNMP queries: sysDescr and sysObjectID — what do they tell us?

2. Explain what NMAP does and what “banner grabbing” reveals

3. Diagram an OnGuard posture check: Agent → ClearPass → Result → Enforcement

4. Write a risk:benefit analysis — When should active scanning be avoided?

Study Method:

• Pomodoro 1: Study tool behaviors (SNMP, NMAP, OnGuard)

• Pomodoro 2: Diagram + mini risk report writing

• Active recall: Practice explaining posture check in one minute

DAY 21 – Risk Scoring & Role Mapping + Weekly Review

Objective: Understand how ClearPass assigns device risk scores and applies roles dynamically based on multiple inputs.

Tasks:

1. Define how CPDI or OnGuard calculates a risk score (e.g., unpatched OS, unknown device type)

2. Draw a role mapping logic tree: inputs → score → action (role, VLAN, ACL)

3. Review all content from Days 15–20 using flashcards or mind maps

4. Take a 15-question mixed-topic quiz (SD-WAN, VIA, Endpoint Classification)

Study Method:

• Pomodoro 1: Risk scoring + role tree drawing

• Pomodoro 2: Quiz + active recall exercise (no-notes writing challenge)

• Evening: Write a weekly learning log — 3 topics you now understand well, 2 you want to revisit

End of Week 3 Outcome:

• You can diagram and explain SD-Branch WAN tunnels and path optimization

• You understand endpoint classification workflows: passive, active, posture

• You can design dynamic policy enforcement logic (risk → role → ACL)

• Flashcard base now covers 40+ key terms

• Your ability to explain Aruba concepts without notes has significantly improved

---

WEEK 4 STUDY PLAN (Days 22–28)

Main Focus:

• Learn Aruba’s multi-source monitoring framework: syslog, NetFlow, AI Insights

• Master Network Analytics Engine (NAE), EdgeConnect Threat Management, and WIPS responses

• Internalize Aruba’s structured troubleshooting methodology

• Begin understanding forensic evidence collection and timeline correlation

WEEK 4 GOALS:

• Recognize and correlate data sources used in Aruba threat detection

• Be able to use CoA, quarantine roles, and API automation for threat response

• Fully memorize and apply Aruba’s 4-step troubleshooting process

• Start building forensic analysis skills, beginning with evidence gathering logic

• Produce: 2 logic diagrams, 1 CoA workflow chart, 1 CLI quick-reference

DAY 22 – Monitoring Data Sources (Syslog, SNMP, NetFlow, AI Insights)

Objective: Understand how Aruba devices send logs and telemetry data to Central and SIEMs for behavioral analysis.

Tasks:

1. Write what each data source captures:

   • Syslog

   • SNMP Traps

   • NetFlow / sFlow / IPFIX

2. Diagram a data flow: Device → Aruba Central → SIEM

3. Define how Aruba Central AI Insights detects “anomaly” (baseline behavior + deviation)

4. List 3 examples of actionable alerts and their triggers

Study Method:

• Pomodoro 1: Review Aruba data types and logging structure

• Pomodoro 2: Flowchart drawing + examples

• Evening: Practice recall with a “what if” game — “What log helps you detect...?”

DAY 23 – Embedded Analytics (NAE, EdgeConnect IDS/IPS, WIPS)

Objective: Learn Aruba’s built-in analytics tools and how they actively detect security threats from wired and wireless perspectives.

Tasks:

1. Describe what NAE does. List 3 monitoring tasks it can automate (e.g., threshold detection, script execution)

2. Write an example of an NAE Python script condition (e.g., CPU > 90% → log + alert)

3. Review EdgeConnect’s IDS/IPS capabilities — explain the role of TLS inspection and proxy certificates

4. Make a summary table:

   • Tool | Target | Trigger | Response

Study Method:

• Pomodoro 1: Read and simplify NAE and IDS/IPS behavior

• Pomodoro 2: Write a sample threat signature + prevention chain

• Active recall: Recite one IDS scenario and how Aruba blocks it

DAY 24 – WIDS/WIPS Wireless Threat Detection & Response

Objective: Dive deeper into wireless security by examining Aruba’s ability to detect and contain rogue APs and client attacks.

Tasks:

1. Create a threat matrix for wireless:

   • Threat | Signature | Detection Method | Aruba Action

2. Draw Aruba’s WIPS response workflow (from detection to containment)

3. Watch or read a real Aruba WIPS event (sample log or video)

4. Write a 1-minute script: “How WIPS protects a school campus”

Study Method:

• Pomodoro 1: Study detection signatures + event flow

• Pomodoro 2: Scenario analysis and writing

• Evening: Flashcard drill — wireless attack types and Aruba countermeasures

DAY 25 – Threat Response Mechanisms (CoA, Quarantine Roles, SOAR API)

Objective: Learn how Aruba responds to detected threats using real-time enforcement tools and automation integrations.

Tasks:

1. Define “CoA” (Change of Authorization) — what it is and when to use it

2. Diagram a CoA-triggered flow: Device misbehaves → Central alert → ClearPass → Reauth + quarantine

3. Write a JSON-style REST API call to disable a switch port (mock example)

4. List 3 SOAR platforms that Aruba can integrate with and how

Study Method:

• Pomodoro 1: Study CoA and API logic

• Pomodoro 2: Diagram flow and simulate SOAR scenario

• Evening: Practice explaining each threat response method to a teammate

DAY 26 – Troubleshooting Methodology (4-Step Process)

Objective: Fully understand Aruba’s structured troubleshooting process and learn to apply it logically.

Tasks:

1. Write out the 4 steps:

   • Identify layer

   • Collect evidence

   • Test hypothesis

   • Resolve and verify

2. Create a chart mapping each common issue to its OSI layer (e.g., “No DHCP” → Layer 2)

3. Summarize tools used in each step (show log, packet capture, role-trace)

4. Solve one scenario (e.g., “Client can’t get IP on VLAN 20”) using the full process

Study Method:

• Pomodoro 1: Process overview + tool matching

• Pomodoro 2: Scenario drill and tool application

• Active recall: Practice saying all 4 steps with 2 example tools each

DAY 27 – Troubleshooting Tools (CLI, Central, Insight)

Objective: Learn and memorize key CLI and UI tools used for diagnosing issues in Aruba networks.

Tasks:

1. Review and write out these key commands:

   • show port-access clients detail

   • show ap debug auth-trace

   • aaa test-server radius

2. Create a CLI cheat sheet with command name, what it shows, and when to use it

3. Explore Aruba Central’s “Client Journey” feature and list the troubleshooting steps it visualizes

4. Write a scenario-based plan: “A Wi-Fi user failed EAP. Use tools to diagnose.”

Study Method:

• Pomodoro 1: CLI tool mapping

• Pomodoro 2: Scenario plan and cheat sheet writing

• Evening: Practice CLI recall (flashcard format: "What shows EAP steps?")

DAY 28 – Review: Threat Detection + Troubleshooting Summary

Objective: Consolidate the week’s learning, practice applied troubleshooting, and reinforce threat detection logic.

Tasks:

1. Build a concept map: Data Source → Detection Tool → Action Taken

2. Take a 20-question mixed quiz (from Threat Detection + Troubleshooting modules)

3. Write your own troubleshooting case and solve it using Aruba’s 4-step method

4. Review any terms or tools that were difficult this week

Study Method:

• Pomodoro 1: Quiz + gap review

• Pomodoro 2: Case writing and problem-solving

• Evening: Optional — record yourself explaining the 4-step troubleshooting process

End of Week 4 Outcome:

• You understand and can apply Aruba’s threat detection logic end-to-end

• You know how to use logs, flow records, and NAE analytics for security response

• You can walk through the entire Aruba troubleshooting methodology from memory

• CLI tools and CoA flows are now part of your practical toolkit

• You’ve created your first self-written troubleshooting case — a sign of real mastery

---

WEEK 5 STUDY PLAN (Days 29–35)

Main Focus:

• Complete the Forensics module: evidence gathering, timeline reconstruction, post-incident action

• Begin active recall-based review of all past modules: 3-day rotation (Modules 1–6)

• Focus on “explaining, solving, and testing” rather than passively reviewing

• Develop study artifacts: concept maps, flashcard updates, quick-reference diagrams

WEEK 5 GOALS:

• Understand how to gather and preserve incident evidence in Aruba environments

• Practice correlating logs (RADIUS, NetFlow, syslog) to build an event timeline

• Begin reactivating memory traces from Week 1–3 modules using targeted recall

• Solve 1 practice scenario per review day

• Identify knowledge gaps to guide final exam prep phase

DAY 29 – Forensics Part 1: Evidence Gathering

Objective: Learn how Aruba devices and ClearPass support incident investigation through log bundles and audit trails.

Tasks:

1. Write out what is included in a tech-support bundle (support-save) — logs, PCAPs, config, diagnostics

2. Run or simulate the command: copy support-save scp://<backup-location>

3. List 3 reasons why ClearPass audit trails are legally valuable (e.g., timestamped, signed)

4. Define "chain of custody" in a digital network context

Study Method:

• Pomodoro 1: Study bundle components and logging paths

• Pomodoro 2: Diagram a full evidence export chain (Switch → SCP → Analyst)

• End-of-day: Practice reciting what data each platform preserves

DAY 30 – Forensics Part 2: Timeline Reconstruction

Objective: Learn to correlate logs and metrics (authentication, NetFlow, alerts) into a reliable incident timeline.

Tasks:

1. List data sources that must be NTP-synchronized to ensure timeline accuracy

2. Practice reading timestamped RADIUS logs and NetFlow entries

3. Create a sample correlation flow:

   • Device auth @ 10:32

   • Suspicious flow @ 10:35

   • Alert generated @ 10:36

4. Write how to verify if a revoked certificate was used using OCSP or CRL

Study Method:

• Pomodoro 1: Review log sample + write a timeline scenario

• Pomodoro 2: Practice matching log timestamps (use Excel or by hand)

• Active recall: Recite steps of a simple forensics correlation process

DAY 31 – Forensics Part 3: Post-Incident Actions

Objective: Learn how Aruba networks adapt after a security event by updating roles, risk scores, policies, and signatures.

Tasks:

1. Write a post-incident checklist:

   • Update ClearPass fingerprints

   • Adjust role enforcement

   • Push new IDS signatures

2. Draw a logic chain: Detection → CoA → Quarantine → Forensic analysis → Role policy update

3. Write 2 sentences each on how uRPF, CoPP, and fingerprint-based roles prevent future attacks

4. Write a sample post-mortem note: “After the attack, what did we change?”

Study Method:

• Pomodoro 1: Write checklist + role logic map

• Pomodoro 2: Case note writing + prevention logic

• Evening: Quick review of all three days of forensics

DAY 32 – Review Cycle A: Modules 1–2 (CIA, AAA, Zero Trust + Device Hardening)

Objective: Reactivate Week 1 content using retrieval-based tasks and practice questions.

Tasks:

1. Do a 20-question quiz covering CIA, AAA, and Device Hardening

2. Without looking at notes, draw the AAA process and label key components

3. Practice CLI recall: write SSH hardening and CoPP configuration commands

4. Create a 1-page mind map linking CIA → AAA → Zero Trust → Hardening methods

Study Method:

• Pomodoro 1: Practice test + review

• Pomodoro 2: Diagrams + memory map

• Optional: Teach a topic to a friend or aloud to yourself

DAY 33 – Review Cycle B: Modules 3–4 (Secure WLAN + Wired Access)

Objective: Reactivate key concepts around wireless and wired authentication, threat prevention, and access control.

Tasks:

1. Take a 15-question topic quiz: WPA3, EAP-TLS, MPSK, 802.1X, MACsec

2. From memory, write the full wireless onboarding process (client → role enforcement)

3. Write and explain the difference between MACsec and Dynamic Segmentation

4. Update your flashcards for these modules based on any wrong answers

Study Method:

• Pomodoro 1: Quiz + reflection

• Pomodoro 2: Output task (diagram, policy table)

• Evening: Quick-fire flashcard recall (15 terms)

DAY 34 – Review Cycle C: Modules 5–6 (Secure WAN + Endpoint Classification)

Objective: Consolidate SD-Branch architecture, IPsec, WAN logic, and endpoint profiling methods.

Tasks:

1. Draw a WAN diagram showing dynamic path selection and tunnel failover

2. Create a table comparing passive vs active classification tools (DHCP, SNMP, OnGuard, NMAP)

3. Write a policy logic: “High-risk devices → quarantine VLAN”

4. Take a 15-question practice test on these topics

Study Method:

• Pomodoro 1: Drawing and classification table

• Pomodoro 2: Test + policy writing

• Active recall: Recite from memory all passive fingerprinting methods

DAY 35 – Week 5 Integration & Personalized Review

Objective: Synthesize Forensics + Reviewed Modules into a mental framework and correct lingering weak spots.

Tasks:

1. List all 9 core modules and write 2 takeaways for each

2. Identify your lowest quiz-scoring topic so far and revisit that content for 25 mins

3. Pick one complete scenario (e.g., “IoT device triggers IDS”) and solve it: detection → response → forensics

4. Write a short journal entry: “What am I confident in now? What needs 1 more cycle?”

Study Method:

• Pomodoro 1: Self-assessment + weakest topic refresh

• Pomodoro 2: Full scenario solving

• Evening: Rebuild study priorities for Week 6 (your final phase)

End of Week 5 Outcome:

• Full mastery of Forensics concepts, workflows, and mitigation loops

• Reactivated memory and practice coverage for two-thirds of all exam modules

• Completed 70+ practice questions

• Updated flashcard system and cheat sheet notes

• Identified personal weak points for targeted drilling in Week 6

---

WEEK 6 STUDY PLAN (Days 36–42)

Main Focus:

• Second review cycle across all 9 modules

• Practice integrating knowledge across domains (e.g., troubleshooting + classification + CoA)

• Target weak spots discovered in Weeks 3–5

• Complete your first full-length mock exam

WEEK 6 GOALS:

• Actively recall all key concepts without notes

• Be able to handle full exam-style questions under time constraints

• Cross-link concepts (e.g., how Secure WAN and Endpoint Classification affect threat response)

• Finalize all personal study tools (flashcards, cheat sheets, CLI guides)

• Complete and review a full-length practice test (50–60 questions)

DAY 36 – Review Cycle D: Modules 7–8 (Threat Detection + Troubleshooting)

Objective: Activate memory on detection tools, CoA/quarantine logic, and structured troubleshooting method.

Tasks:

1. Do a 15-question quiz (Syslog, NAE, WIPS, CoA, troubleshooting tools)

2. Recite the 4-step troubleshooting method out loud with a new scenario

3. Diagram: “Threat detected by Central → ClearPass → CoA → Quarantine → Review”

4. Refresh CLI command flashcards for show ap debug, aaa test-server, and port-access clients

Study Method:

• Pomodoro 1: Practice quiz + tool review

• Pomodoro 2: Draw workflow and explain each step

• Evening: Timed CLI recall — write all tools you’d use to diagnose a failed 802.1X session

DAY 37 – Review Cycle E: Module 9 (Forensics) + Catch-up

Objective: Reinforce forensics timeline construction, data export, and audit review. Use this day to fill any missed gaps.

Tasks:

1. Rebuild a full incident timeline using mock logs:

   • Auth time → NetFlow → Alert → Response

2. Write out the Secure Boot + tech-support-save workflow

3. Take 10 questions focused on evidence, audit logs, and post-incident actions

4. Spend 25–30 minutes revisiting your weakest topic to date

Study Method:

• Pomodoro 1: Timeline reconstruction

• Pomodoro 2: Weak topic refresh + flashcard update

• Active recall: List all data ClearPass logs and where to retrieve them

DAY 38 – Integration Review: Access Control (Wired, Wireless, Endpoint)

Objective: Synthesize 802.1X, MACsec, EAP-TLS, posture checks, and risk scoring into one unified understanding.

Tasks:

1. Draw a full onboarding flow: client connects → auth method → role → segment

2. Compare wired vs wireless access path: which tools apply where?

3. Create a role logic table: posture/risk score/group → VLAN + ACL

4. Take a 15-question integration quiz (access-related topics)

Study Method:

• Pomodoro 1: Diagrams + comparison

• Pomodoro 2: Quiz + table output

• Evening: Practice “explaining to a stakeholder” — Why posture and classification must work together?

DAY 39 – Integration Review: Threats + Responses (WLAN, WAN, IDS/IPS)

Objective: Practice cross-domain thinking — link threats to detection to enforcement.

Tasks:

1. Match 5 threat types to Aruba responses:

   • Evil Twin → WIPS

   • Malware spread → CPDI risk score

   • Flooding → CoPP

2. Write 2 full detection → response chains:

   • e.g., device floods → NAE → alert → quarantine

3. Do a 15-question scenario quiz (mix of threats, response tools, policy enforcement)

4. Refresh notes on TLS inspection and ZTNA integration

Study Method:

• Pomodoro 1: Mapping and chain building

• Pomodoro 2: Scenario quiz + review

• End-of-day: Close notebook and try narrating 3 Aruba threat defense strategies

DAY 40 – Output Focus: Concept Mapping + Flashcard Audit

Objective: Force full recall of all content in compressed, visual format.

Tasks:

1. Create one master concept map showing all 9 modules, their tools, and key links

2. Go through your entire flashcard deck — remove mastered, rewrite unclear

3. Build a 1-page “cheat sheet” listing:

   • Key CLI commands

   • Aruba tools

   • Troubleshooting steps

   • High-risk concepts

Study Method:

• Pomodoro 1: Map creation (can use pen+paper or digital tools)

• Pomodoro 2: Flashcard audit and rewrite

• Evening: Close your eyes and recite each module’s main concept in one sentence

DAY 41 – Mock Exam Day (Timed)

Objective: Simulate exam conditions. Identify timing issues and confidence gaps.

Tasks:

1. Take a full 60-question mock exam (1.5 hours recommended)

2. Immediately review all wrong answers. Note:

   • Was it a knowledge gap?

   • Misreading?

   • Misunderstanding the question structure?

3. Write your final error log: 5 things you misunderstood + corrected explanations

Study Method:

• Full test block in one sitting (no distractions)

• Review + error analysis

• End-of-day: Recite 3 corrected misunderstandings and their fixes

DAY 42 – Confidence Builder + Flexible Reinforcement

Objective: Cement what you know, calmly re-visit anything still unclear, and build exam mindset.

Tasks:

1. Write one page: “What I now understand well”

2. Write another page: “3 questions I want to walk through once more”

3. Use your cheat sheet and flashcards for 30-minute active recall

4. End with a quiet mental drill: visualize a scenario and walk yourself through detection → response → post-analysis

Study Method:

• Pomodoro 1: Writing + focused mini-review

• Pomodoro 2: Flashcard + cheat sheet recall

• Optional: Do 5 mixed questions from each major domain to finish

End of Week 6 Outcome:

• You’ve completed 2 full review cycles of the entire exam

• You’ve tested yourself in timed conditions and corrected your own misconceptions

• You’ve built and refined your flashcards, notes, cheat sheets, and mental models

• You’re ready for the final prep phase: focused short-cycle review + mock exam polishing

---

WEEK 7 STUDY PLAN (Days 43–49)

Main Focus:

• Daily short-cycle reviews of all modules

• Targeted practice drills (5–10 questions per domain)

• Fast memory recall using flashcards, concept maps, and cheat sheets

• Final mock exam + walkthrough

• Mental priming for calm, focused exam performance

WEEK 7 GOALS:

• Achieve 85%+ accuracy on practice questions

• Recall any key concept in under 30 seconds

• Be able to walk through 3 end-to-end scenarios with no notes

• Strengthen confidence and reduce pre-exam stress through familiarity

DAY 43 – Quick-Cycle Review: Modules 1–3

Focus:

• Security Terminology (CIA, AAA, Zero Trust)

• Device Hardening (Mgmt/Control/Data plane)

• Secure WLAN (EAP-TLS, WPA3, WIPS)

Tasks:

1. 5-question drill per module (15 total) — time yourself (20 min max)

2. From memory, write 1 CLI command and 1 scenario per module

3. Recite from flashcards (15 key terms only)

4. Close your eyes and mentally walk through:

   • EAP-TLS auth flow

   • CoPP implementation

   • Zero Trust enforcement

DAY 44 – Quick-Cycle Review: Modules 4–6

Focus:

• Secure Wired AOS-CX (802.1X, MACsec, UBT)

• Secure WAN (SD-Branch, IPsec, VIA)

• Endpoint Classification (passive, active, risk scoring)

Tasks:

1. 15-question mini quiz (wired access, SD-WAN logic, classification)

2. Review and redraw the UBT flowchart

3. Rebuild your classification tool comparison table from scratch

4. Practice CLI commands: 802.1X fallback config, DHCP Snooping, VLAN assignment

DAY 45 – Quick-Cycle Review: Modules 7–9

Focus:

• Threat Detection (logs, AI, NAE)

• Troubleshooting (4-step method, tools)

• Forensics (timeline, evidence, CoA, post-incident)

Tasks:

1. 5 scenario-based questions: “You detect an anomaly — what happens next?”

2. Rebuild the 4-step troubleshooting table with examples

3. Redo your forensic timeline from memory

4. Explain out loud: how does Aruba respond to an Evil Twin attack from detection to post-remediation?

DAY 46 – Full-Length Practice Exam #2 (Timed)

Tasks:

1. Sit for a 60-question exam under timed, quiet conditions (90 minutes max)

2. Immediately review wrong answers and label cause:

   • Knowledge gap

   • Misread question

   • Overthinking

3. Write 3 reflections:

   • What felt easier this time?

   • What tripped you up?

   • What will you revisit tomorrow?

DAY 47 – Final Memory Reactivation: Full Recall Drill

Tasks:

1. From scratch, write out the 9 modules, their keywords, and Aruba tools used in each

2. Use your flashcards or Anki to run a 20-minute “speed drill” — 30 terms in under 5 minutes

3. Review your cheat sheet and concept map. Cover one area — try to recall everything underneath

4. Use active recall for 3 full processes:

   • Authentication (WLAN or wired)

   • Threat response (WIPS + CoA)

   • Incident investigation (logs + post-actions)

DAY 48 – Final Review + Mindset Conditioning

Tasks:

1. Create your “Exam Confidence Sheet”:

   • 5 things you know well

   • 3 things you’ll glance over before exam

   • 1 mindset quote or phrase (e.g., “I’ve trained for this.”)

2. Light review: 15 flashcards, 5 questions, 1 diagram

3. Walk through a clean, no-rush “If this happens, I do that” scenario

   • E.g., “RADIUS fails → What tools, what commands, what fix?”

DAY 49 – Exam Simulation or Light Day (Based on Readiness)

Choose based on how you feel:

Option A – Confident

• Light day: 5 flashcards, 1 page of visual review, 15 min of reflection

• Go to bed early and relax

Option B – Still Hesitant

• 10-question timed set

• Review top 2 weak areas (briefly)

• Redo 1 diagram and 1 troubleshooting table

End of Week 7 Outcome:

• You’ve completed 2 full-length exams

• You’ve reviewed and recalled every concept twice or more

• You’ve built full cognitive flexibility — explain, apply, solve

• You’re mentally and technically prepared to pass with confidence

---

DAY 50 – Final Day Before the Exam

Theme: Light. Focused. Intentional. No stress.

GOALS:

• Lightly review what matters most (with zero pressure)

• Reinforce confidence in your thinking, not just your memory

• Set a calm, focused mental state for exam day

• Prepare logistics: exam timing, materials, environment

Morning Routine (60–90 minutes)

1. Run a “victory review”:

   • Without looking at notes, list all 9 HPE7-A02 knowledge domains

   • Under each, write 2 things you now deeply understand

   • Smile — you’ve earned this

2. Review your Cheat Sheet:

   • Spend 10–15 minutes reading your summarized commands, concepts, and diagrams

   • No pressure to memorize — this is just familiarity reinforcement

3. Run 5 Final Flashcards:

   • Only the ones that tripped you up before — nothing new

   • Say the answer aloud, explain it in your own words

Midday Mental Drill (45 minutes max)

1. Scenario Talk-Throughs (No writing, no notes)
   Imagine these in your head or speak aloud:

   • “An IoT device gets misclassified. What’s the flow from classification to enforcement?”

   • “A user fails 802.1X auth. What tools will I use to diagnose and fix?”

   • “I detect a rogue AP. How does Aruba respond from WIPS to quarantine?”

2. Breathing and Rehearsal

   • Take 5–10 deep breaths. Then say:

     • “I understand the concepts.”

     • “I know the flow.”

     • “I am prepared.”

   • Close your eyes. Visualize:

     • You sitting at the exam. Calm. Confident. Starting and finishing strong.

Final Checklist

Exam Mindset:

• It’s not about trick questions — it’s about thinking clearly

• If you don’t know, eliminate wrong answers and trust logic

• Every module you’ve studied connects to real-world actions — this is your advantage

Logistics:

• Confirm your exam time, login method (PearsonVUE or partner)

• Prepare ID, quiet space, working computer

• Water, light snack, no distractions for 2 hours

Before Sleep:

• Do not study anything new

• Review your 1-page summary or key visual only if it helps you feel calm

• Get 7–8 hours of sleep

• Tell yourself: “I’m not cramming. I’m ready.”

---