The correct answer isAbecause Zero Trust Security is based on the principle thatno user, device, or network segment should be inherently trusted, regardless of whether it is internal or external.Aruba highlights that organizations still often assume internal traffic is more secure than external traffic, and this assumption creates a significant security gap. Identifying whether customers rely on this “trusted internal” model reveals a clear use case for Zero Trust adoption.
Relevant extracts from official HPE Aruba Networking documentation:
“Zero Trust is a security model where no user, device, or application is implicitly trusted, whether inside or outside the network perimeter.”
“Traditional approaches assume internal devices and users are trustworthy, but Zero Trust eliminates this assumption by continuously authenticating and authorizing every entity.”
“Aruba Zero Trust Security focuses on visibility, control, and continuous monitoring to enforce least-privilege access across all devices—including unmanaged IoT—inside the network.”
“Organizations that still rely on implicit trust for internal users and devices are prime candidates for Zero Trust adoption.”
Why the other options are incorrect:
BUnderstanding IPsec is a technical detail and does not uncover a Zero Trust use case.
CRegulatory compliance is important but is not the primary driver for Zero Trust adoption—it is more about assurance and governance.
DData-at-rest encryption is a storage/security requirement, not directly tied to network-based Zero Trust security principles.
References (HPE Aruba Networking Solutions / Study Guides):
Aruba Zero Trust Security — Solution Overview
Aruba ESP (Edge Services Platform) — Security White Paper
Aruba ClearPass and Client Insights — Technical Guide
Aruba ESP Zero Trust and SASE Positioning — Product Brief
===========
