Kafka MCQs – Kafka Security

Security is a critical aspect of any distributed system, and Apache Kafka offers robust support for securing data in transit and at rest. Kafka supports encryption (SSL/TLS), authentication (SASL mechanisms like PLAIN, SCRAM, GSSAPI, and OAUTHBEARER), and authorization (ACLs). Understanding Kafka’s security model is essential for configuring secure clusters and preventing unauthorized access.

These MCQs will help developers and administrators prepare for interviews and secure production Kafka environments effectively, from basic security concepts to advanced configurations.

1.) Which of the following is used to encrypt Kafka data in transit?

A) SSL/TLS
B) GSSAPI
C) SCRAM
D) OAuth

Answer: Option A

Explanation: Kafka uses SSL/TLS to encrypt data transferred between clients and brokers.

2.) What is the role of SASL in Kafka?

A) Logging system
B) Encryption mechanism
C) Authentication mechanism
D) Topic compression protocol

Answer: Option C

Explanation: SASL (Simple Authentication and Security Layer) is used for user authentication in Kafka.

3.) Which SASL mechanism in Kafka supports Kerberos-based authentication?

A) SCRAM
B) GSSAPI
C) PLAIN
D) PLAIN

Answer: Option B

Explanation: GSSAPI enables Kerberos authentication for secure identity validation.

4.) What is the use of Kafka ACLs?

A) To compress data
B) To define topic partitioning
C) To control access to Kafka resources
D) To perform broker load balancing

Answer: Option C

Explanation: ACLs (Access Control Lists) are used to allow or deny operations on Kafka resources.

5.) Which configuration enables SSL in a Kafka broker?

A) broker.ssl.enable=true
B) kafka.ssl.activate=true
C) ssl.auth=true
D) security.protocol=SSL

Answer: Option D

Explanation: Setting security.protocol=SSL enables SSL-based communication.

6.) Which property is required in Kafka clients for SASL authentication?

A) sasl.jaas.config
B) ssl.truststore.type
C) broker.hostname
D) compression.type

Answer: Option A

Explanation: The sasl.jaas.config property defines the JAAS configuration for SASL authentication.

7.) What command is used to configure ACLs in Kafka?

A) kafka-security.sh
B) kafka-add-user.sh
C) kafka-acls.sh
D) kafka-auth.sh

Answer: Option C

Explanation: The kafka-acls.sh script is used to manage Kafka ACLs.

8.) What Kafka component must be secured to protect metadata access?

A) Producer
B) Consumer
C) ZooKeeper
D) Partition

Answer: Option C

Explanation: ZooKeeper stores sensitive cluster metadata and must be secured.

9.) Which SASL mechanism allows token-based user authentication in Kafka?

A) PLAIN
B) SCRAM
C) GSSAPI
D) OAUTHBEARER

Answer: Option D

Explanation: OAUTHBEARER enables token-based authentication in Kafka.

10.) What is the default security protocol in Kafka if none is specified?

A) SSL
B) PLAINTEXT
C) SASL_SSL
D) SASL_PLAINTEXT

Answer: Option B

Explanation: PLAINTEXT (no encryption or authentication) is used by default unless otherwise specified.
