Permit Me to Assist You - Instructions Answers

Certification Answers Permit Me to Assist You (Instructor Version – Optional Lab)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or to provide additional practice.


Explain the purpose and operation of ACLs.

Students will design a process for selecting a candidate for security clearance. Groups will be formed and “applicants” will be permitted or denied the job.


  • Each individual in the class will record five questions they would ask a candidate who is applying for a security clearance for a network assistant position within a small- to medium-sized business. The list of questions should be listed in order of importance to selecting a good candidate for the job. The preferred answers will also be recorded.
  • After three minutes of brainstorming the list of questions, the instructor will ask two students to serve as interviewers. These two students will use only their list of questions and answers for the next part of this activity. The instructor will explain to only the two interviewers that they have the discretion, at any time, to stop the process and state “you are all permitted to the next level of interviews” or “I am sorry, but you do not have the qualifications to continue to the next level of interviews.” The interviewer does not need to complete all of the questions on the list.
  • The rest of the class will be split in half and assigned to one of the interviewers.
  • Once everyone is settled into their group with an interviewer, the group application interviews will begin.
  • The two selected interviewers will ask the first question on the list that they created; an example would be “are you over the age of 18?” If the applicant does not meet the age requirement, as specified by the interviewer’s original questions and answers, the applicant will be eliminated from the pool of applicants and must move to another area within the room where they will observe the rest of the application process.

At this point, or later in the process, instructors may wish to state: “You have 2 minutes to complete the interview process.” This is to provide time management to the activity.

The next question will then be asked by the interviewer. If applicants answer correctly, they may stay with the applicant group. The entire class will then get together and discuss their observations regarding the process to permit or deny them the opportunity to continue on to the next level of interviews.


  1. What factors did you consider when devising your list of criteria for network assistant security clearance? ____________________
    Answers will vary – age, experience, knowledge of networking, etc.
  2. How difficult was it to devise five security questions to deliver during the interviews? Why were you asked to list your questions in order of importance to selecting a good candidate? ____________________
    All of the students should mention that the most important qualifications should be listed first in order to eliminate those candidates who do not meet their criteria, quickly.
  3. Why would the process of elimination be stopped, even if there were still a few applicants available? ____________________
    Answers will vary, but the most likely answer would be to provide a pool of applicants who will be permitted or denied the opportunity to move to the next level of employment application process.
  4. How could this scenario and the results be applied to network traffic? ____________________
    Some traffic can be permitted on networks, and some will be denied.

Packet Tracer Example (answers will vary)

Instructor Note: Identify elements of the model that map to IT-related content:

  • ACLs are processes that determine desirable and undesirable network traffic.
  • Criteria must be established in advance of permitting or denying network traffic.
  • The order of importance must be established when developing criteria for permitting or denying network participation.
  • At the end of the process, more than one host may be denied or permitted network participation, based on the criteria specified.