HPE7-A02 Define Security Terminology

Define Security Terminology Detailed Explanation

1. Core Principles

CIA Triad – The “big three” goals of any security system

Confidentiality – “Keeping secrets secret”

Imagine you keep your valuables in a locked box and only trusted friends have the key.

  • What it means: Information is readable only by people (or devices/apps) that are authorised.

  • How it is achieved

    • Encryption – data is scrambled with a mathematical key; without the key it looks like nonsense.

    • Role‑Based Access Control (RBAC) – users are placed into roles (e.g., Admin, Guest). Each role has its own set of permissions.

    • Network segmentation – sensitive servers are placed in their own VLAN or tunnel so outsiders cannot even “see” them.

Integrity – “Keeping the facts intact”

Think of sealing a legal envelope with a tamper‑evident sticker; if someone opens it, you’ll know.

  • What it means: Data cannot be changed, deleted, or inserted without detection.

  • How it is achieved

    • Hashing – creates a unique fingerprint (e.g., SHA‑256). If a single bit changes, the fingerprint changes.

    • Digital signatures – the sender signs the hash with a private key; receivers use the public key to verify nothing was altered.

    • MACsec (802.1AE) – encrypts and integrity‑checks Ethernet frames on a wired link.

Availability – “Keeping the lights on”

A shop can be perfectly secure, but if the door is jammed customers still cannot buy anything.

  • What it means: Systems and data are accessible when needed.

  • How it is achieved

    • Redundancy – duplicate hardware (VSX/VSF switch pairs, clustered gateways) ready to take over.

    • Rate limiting (CoPP) – stops floods of traffic from overwhelming the control plane.

    • Resilient topologies – multiple network paths so one cable cut does not cause an outage.

2. AAA Model – “Who are you, what can you do, and what did you do?”

Authentication – “Prove it’s really you”

Common real‑world analogy: showing your passport to enter a country.

  • In networking: A device or user proves identity to the network.

  • Methods

    • 802.1X with EAP‑TLS / PEAP – laptops present a digital certificate (EAP‑TLS) or credentials inside a TLS tunnel (PEAP) at the moment they plug in or join Wi‑Fi.

    • SAML Single‑Sign‑On (SSO) – a web identity token issued by an Identity Provider (IdP) like Okta or Azure AD.

    • Certificates on devices (TLS mutual auth) – no password needed, the private key is the proof.

Authorization – “What are you allowed to do?”

Analogy: a theme‑park wristband—different colours let you access different rides.

  • In Aruba networks: ClearPass sends a downloadable User Role to the switch/AP/gateway.

    • The role can specify VLAN assignment, ACLs (which IPs/ports you can reach), QoS limits, and even bandwidth caps.

    • A guest smartphone might get the role Internet‑Only, while an IT laptop gets Full‑Corp‑Access.

Accounting – “Show me the receipts”

Analogy: a hotel keeps a log of who checked in, when they entered the gym, and when they checked out.

  • In the network: Logs record who did what, when, and sometimes how much.

    • RADIUS accounting packets send session‑start, interim‑update, and session‑stop messages to ClearPass or a SIEM.

    • NetFlow / IPFIX exports flow summaries (source/destination, bytes, app).

    • Syslog lines include authentication successes/failures and command histories.

3. Zero Trust & Dynamic Segmentation

What is Zero Trust?

“Never trust, always verify.”

Traditionally, networks assumed that devices inside the company (like a laptop plugged into Ethernet) could be trusted. But today, attackers can get inside through phishing, stolen devices, or rogue employees.

So Zero Trust says:

  • Every user, device, and application must be continuously verified,

  • Even if it’s “already on the network.”

Zero Trust in Aruba's world:

  • ClearPass checks user credentials and device posture (antivirus status, OS version).

  • If risk is detected, the device is placed in a restricted role/VLAN.

  • Access is based on identity, role, and context—not just IP or location.

What is Dynamic Segmentation?

It’s how Aruba enforces Zero Trust without manually managing hundreds of VLANs and ACLs.

The idea:

  • Devices are automatically classified and then their traffic is tunneled to an Aruba gateway (controller).

  • At the gateway, role-based security policies (ACLs, QoS, etc.) are applied.

Example:

  • A medical printer connects to a wired port.

  • Aruba ClearPass identifies it and assigns it the “Medical Equipment” role.

  • That switch tunnels its traffic to a gateway, which allows it to talk only to the imaging server—nowhere else.

Key benefits:

  • Reduces network complexity: no need for per-device VLANs.

  • Centralizes control: policies live in one place (the gateway), not spread across the whole LAN.

  • Improves security: segmentation is identity-driven, not location-based.

4. Threat Taxonomy – Common Security Terms You Must Know

Think of this as your basic security dictionary. These words show up everywhere—in documentation, logs, alerts, and exams.

Attack Surface

The set of all points at which an attacker could attempt to break into your system.

Examples:

  • Unused open ports (SSH, Telnet)

  • Public Wi-Fi login pages

  • Outdated firmware

Reduce it by: disabling services, patching systems, using firewalls.

Vulnerability

A weakness in software, hardware, or configuration that could be exploited.
Example: An old version of ArubaOS that allows login with default credentials.

Exploit

A tool or method that takes advantage of a vulnerability.
Example: A script that bypasses authentication by sending a malformed packet.

Risk

The likelihood and potential impact of a threat exploiting a vulnerability.
Formula:
Risk = Threat × Vulnerability × Impact

IDS / IPS (Intrusion Detection/Prevention Systems)

  • IDS: Monitors and logs suspicious activity (like a security camera).

  • IPS: Tries to block the activity in real time (like a security guard).

Aruba Example: Aruba EdgeConnect includes inline IPS functionality.

CVE (Common Vulnerabilities and Exposures)

A public, globally used catalogue of known vulnerabilities, each with its own unique identifier.
Example:

  • CVE-2023-XXXX might describe a vulnerability in a network switch.

  • Vendors like Aruba use CVEs to publish and patch security issues.

MITRE ATT&CK Matrix

A structured model used by security teams to understand real attacker behaviors.
It breaks down:

  • Tactics: what the attacker wants to do (e.g., “lateral movement”)

  • Techniques: how they do it (e.g., “pass-the-hash”)

Security tools may map detections to this model to help analysts understand threats faster.

5. Quick Summary

Concept | What It Means | Aruba Example
--- | --- | ---
Confidentiality | Only the right people can see data | EAP-TLS auth + VLAN segmentation
Integrity | Data hasn't been changed | Digital signatures, MACsec
Availability | Systems are accessible when needed | VSX, CoPP, link redundancy
Authentication | Who are you? | 802.1X + ClearPass cert auth
Authorization | What are you allowed to do? | Downloadable Role with ACL/QoS
Accounting | What did you do, and when? | RADIUS Accounting, NetFlow
Zero Trust | Verify everyone, always | ClearPass + Dynamic Segmentation
Attack surface | Possible entry points for attackers | Open ports, misconfigs
Vulnerability | A weakness | Unpatched ArubaOS version
Exploit | A method to attack a vulnerability | Script to bypass login
Risk | Likelihood + impact of a security issue | High risk = block/quarantine
IDS/IPS | Detect or stop malicious activity | EdgeConnect or external firewall
CVE | Public record of known flaws | CVE list used in patch notes
MITRE ATT&CK | Model of attacker behavior | Used in threat detection systems

Define Security Terminology (Additional Content)

1. Principle of Least Privilege (PoLP)

What is Least Privilege?

Least Privilege means that a user, device, or application should only have the minimum level of access necessary to perform its function—nothing more.

Why it matters

  • Limits the potential damage if credentials are compromised.

  • Reduces the attack surface across the network.

  • Enforces tighter control over lateral movement within the network.

In Aruba Networks

  • ClearPass Policy Manager dynamically assigns downloadable roles based on identity, device posture, and context.

  • For example:

    • A guest user may be assigned an “Internet-only” role.

    • A finance user gets access only to ERP servers, not development systems.

Related Feature

  • Integration with User-Based Tunneling (UBT) and Dynamic Segmentation ensures traffic is isolated and policy-enforced even on shared infrastructure.

2. Defense in Depth

What is Defense in Depth?

Defense in Depth is a layered security strategy where multiple controls are used to slow down or stop an attacker at every stage of a potential compromise.

Core Idea

  • If one layer fails, others remain in place to detect or block the threat.

  • Layers typically include:

    • Identity verification

    • Access control (ACLs, VLANs)

    • Traffic encryption

    • Intrusion prevention

    • Log correlation and monitoring

    • Physical security

Aruba Implementation

  • Wired Layer: 802.1X authentication + MACsec

  • Wireless Layer: WPA3 Enterprise + EAP-TLS

  • Policy Layer: Downloadable roles + role-based firewalls

  • Visibility Layer: Aruba Central AI Insights + ClearPass audit trails

  • Response Layer: Integration with SOAR/SIEM to trigger automated containment

3. MAC Authentication Bypass (MAB)

What is MAB?

MAC Authentication Bypass is a fallback authentication method used when a device cannot perform 802.1X, such as:

  • Printers

  • IP phones

  • Legacy embedded systems

The switch identifies the device using its MAC address and sends it to the RADIUS server (typically ClearPass) for classification.

In Aruba Environments

  • ClearPass evaluates the MAC address against known entries.

  • If recognized, ClearPass sends a downloadable role to the switch.

  • MAB works in conjunction with multi-auth and multi-domain port modes to support environments with both 802.1X and non-802.1X devices on the same port.

4. SIEM and Log Correlation (Accounting Extension)

What is a SIEM?

A Security Information and Event Management (SIEM) system aggregates logs and events from across the network and performs correlation, alerting, and analytics.

Examples:

  • Aruba Central

  • Third-party tools like Splunk, IBM QRadar, or ArcSight

Role in Accounting

  • Extends traditional accounting (RADIUS, syslog, NetFlow) into a real-time analysis framework.

  • Helps answer:

    • Who did what?

    • When did they do it?

    • Was the behavior abnormal?

  • Supports threat detection, compliance auditing, and incident response.

Aruba Integration

  • Aruba switches, gateways, and ClearPass can send logs via syslog and NetFlow/IPFIX to SIEM platforms.

  • Aruba Central has built-in AI-powered anomaly detection, which acts like a cloud-native SIEM.

Example Use Case

  • A device authenticates at 09:02 (ClearPass logs).

  • 90MB of data is sent to an unknown IP (NetFlow).

  • Multiple login failures are detected (syslog).

  • The SIEM correlates these and triggers an alert to quarantine the endpoint.
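The correlation described in the use case above, built over the RADIUS accounting, NetFlow and syslog sources listed in the AAA section, as an added Python example that is not from the page or from Aruba: the log records, the thresholds, the 10-minute window and the two-signal quarantine rule are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real ClearPass/NetFlow/syslog output): (source, time, endpoint IP, "EVENT key=value ...").
EVENTS = [
    ("clearpass", "09:02:00", "10.1.20.57", "AUTH_OK mac=aa:bb:cc:dd:ee:01 role=Medical-Equipment"),
    ("netflow",   "09:05:10", "10.1.20.57", "FLOW dst=203.0.113.77 bytes=94371840"),
    ("syslog",    "09:05:30", "10.1.20.57", "AUTH_FAIL user=admin svc=ssh"),
    ("syslog",    "09:05:31", "10.1.20.57", "AUTH_FAIL user=admin svc=ssh"),
    ("syslog",    "09:05:33", "10.1.20.57", "AUTH_FAIL user=root svc=ssh"),
    ("clearpass", "09:03:12", "10.1.20.58", "AUTH_OK mac=aa:bb:cc:dd:ee:02 role=Internet-Only"),
    ("netflow",   "09:04:00", "10.1.20.58", "FLOW dst=198.51.100.9 bytes=120000"),
    ("netflow",   "09:06:00", "10.1.20.99", "FLOW dst=203.0.113.5 bytes=4096"),
]
KNOWN_DESTS = {"10.1.5.10"}          # assumed address of the imaging server
WINDOW = timedelta(minutes=10)       # assumed correlation window after authentication
BYTE_THRESHOLD = 50 * 1024 * 1024    # assumed "large transfer" threshold
FAIL_THRESHOLD = 3                   # assumed login-failure threshold

def parse(event):  # -> (source, time, ip, event kind, key=value fields)
    source, hms, ip, payload = event
    kind, *kvs = payload.split()
    return source, datetime.strptime(hms, "%H:%M:%S"), ip, kind, dict(kv.split("=", 1) for kv in kvs)

def correlate(events, known_dests=KNOWN_DESTS, window=WINDOW,
              byte_threshold=BYTE_THRESHOLD, fail_threshold=FAIL_THRESHOLD):
    per_ip = defaultdict(list)
    for ev in map(parse, events):    # group every source's records by endpoint
        per_ip[ev[2]].append(ev)
    verdicts = {}
    for ip, evs in per_ip.items():
        evs.sort(key=lambda e: e[1])
        auth = next((e for e in evs if e[0] == "clearpass" and e[3] == "AUTH_OK"), None)
        if auth is None:             # flows from an endpoint ClearPass never authenticated
            verdicts[ip] = {"verdict": "no-auth", "reasons": ["flows without an authenticated session"]}
            continue
        recent = [e for e in evs if auth[1] <= e[1] <= auth[1] + window]
        exfil = sum(int(e[4]["bytes"]) for e in recent
                    if e[0] == "netflow" and e[4]["dst"] not in known_dests)
        fails = sum(1 for e in recent if e[0] == "syslog" and e[3] == "AUTH_FAIL")
        reasons = []
        if exfil >= byte_threshold:
            reasons.append(f"{exfil} bytes to unknown destinations")
        if fails >= fail_threshold:
            reasons.append(f"{fails} login failures")
        # Two independent signals inside the window corroborate each other: quarantine.
        verdicts[ip] = {"verdict": "quarantine" if len(reasons) >= 2 else "ok",
                        "role": auth[4]["role"], "reasons": reasons}
    return verdicts
```

A production correlation would key on the endpoint MAC or the RADIUS session ID rather than on the IP alone, since IPs change with DHCP leases.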

Summary

Term/Concept | Purpose | Aruba Integration Example
--- | --- | ---
Least Privilege | Grant only minimal necessary access | Dynamic roles via ClearPass
Defense in Depth | Multiple layers of protection to absorb failures | Authentication + firewall + detection + CoA
MAC Authentication Bypass | Auth fallback for non-802.1X devices | MAB + ClearPass + downloadable roles
SIEM / Log Correlation | Aggregates and analyzes logs for threat detection and compliance | Aruba Central, Splunk, integration via syslog

Frequently Asked Questions

What is the difference between authentication and authorization?

Answer:

Authentication verifies who the user or device is, while authorization determines what that user or device is allowed to do.

Explanation:

These two terms are often used together but represent different steps in the access control process. Authentication confirms the identity of a user or device, typically through credentials such as usernames, passwords, certificates, or 802.1X authentication via a RADIUS server. Authorization occurs after authentication and determines what resources the authenticated user or device can access. For example, in an Aruba campus network integrated with ClearPass, a user may authenticate successfully but still receive restricted network access based on policies. Authorization policies may assign specific roles, VLANs, or access permissions depending on the user identity, device type, or security posture. Many exam questions test whether candidates understand that authentication confirms identity, while authorization controls privileges and network access levels.

What does AAA stand for in network security?

Answer:

AAA stands for Authentication, Authorization, and Accounting.

Explanation:

AAA is a security framework used to manage network access. Authentication verifies the identity of users or devices attempting to connect to the network. Authorization determines the permissions and resources that the authenticated entity can access. Accounting records user activities, session durations, and network usage information. Many beginners remember authentication and authorization but overlook accounting. However, accounting is critical for auditing, compliance, troubleshooting, and forensic investigations. For example, network administrators can review accounting logs to determine when a device connected, which account was used, and how long the session lasted. In certification exams, a common trap is assuming accounting refers only to billing, but in enterprise networks it primarily means logging and auditing of network sessions.

What is the purpose of network segmentation in security?

Answer:

Network segmentation separates users, devices, or services into different network segments to reduce risk and control access.

Explanation:

Network segmentation is designed to limit the impact of security incidents and control communication between different parts of the network. If all devices exist within a single flat network, a compromised device could easily move laterally to other systems. Segmentation divides the network using VLANs, roles, or policy-based controls. For example, guest devices may only access the internet, printers may only communicate with print servers, and IoT devices may be restricted to a dedicated network segment. In Aruba campus architectures, segmentation is often implemented through dynamic roles, VLAN assignments, and policy enforcement via NAC systems. Exam questions frequently emphasize that segmentation is not only for network organization but primarily for security isolation and reducing lateral movement during attacks.

What does the principle of least privilege mean in a campus security environment?

Answer:

Least privilege means granting users and devices only the minimum access necessary to perform their tasks.

Explanation:

The principle of least privilege is a fundamental security concept used to reduce the risk of misuse or compromise. Instead of granting broad access by default, systems assign only the permissions required for a specific role or function. For example, guest users should not access internal corporate resources, printers should only communicate with print services, and IoT devices should be restricted to limited network segments. This principle minimizes the potential damage if a device or account becomes compromised. In Aruba campus environments, least privilege is typically enforced through identity-based access control, dynamic roles, and NAC policies. Certification exams often include scenarios asking which design best improves security, and answers usually involve restricting access through least privilege rather than allowing unrestricted connectivity.
