Kafka MCQs – Kafka Security

11.) In Kafka, which file format is used for JAAS configuration?

A) .json
B) .conf
C) .yaml
D) .ini

Answer: Option B

Explanation: JAAS configuration is typically defined in .conf files.

12.) What does an ACL entry in Kafka usually contain?

A) IP address, port
B) Topic name only
C) Principal, operation, resource type
D) Java class file

Answer: Option C

Explanation: ACLs define who (principal) can perform what (operation) on which (resource).

13.) What is required for enabling SCRAM authentication in Kafka?

A) Defining users in JAAS and enabling SASL_PLAINTEXT
B) Defining users in JAAS and enabling SCRAM-SHA-256 or SCRAM-SHA-512
C) Activating TLS protocol
D) Using certificate-based access

Answer: Option B

Explanation: SCRAM requires both user credentials and the correct JAAS configuration.

14.) What is the purpose of ssl.truststore.location in the Kafka security config?

A) To specify the truststore file path
B) To locate client certificates
C) To store API keys
D) To enable Kerberos login

Answer: Option A

Explanation: The truststore contains CA certificates used to validate peers.

15.) What is a key security risk when running Kafka with the PLAINTEXT protocol?

A) High CPU usage
B) Messages could be delayed
C) Unencrypted data and unauthenticated users
D) Increased disk usage

Answer: Option C

Explanation: PLAINTEXT mode offers no encryption or authentication, making it insecure.

16.) Which component validates ACLs in Kafka?

A) ZooKeeper
B) Broker
C) Producer
D) Consumer

Answer: Option B

Explanation: Kafka brokers validate ACLs before allowing client operations.

17.) Which property allows the Kafka client to verify the broker’s identity over SSL?

A) ssl.hostname.verification.enable
B) ssl.enable.identity.check
C) client.verify.ssl=true
D) ssl.broker.cert.verify

Answer: Option A

Explanation: This property ensures that the hostname in the certificate matches the broker.

18.) Which file contains Kafka keystore passwords?

A) server.log
B) kafka-server-start.sh
C) kafka-security.json
D) keystore.jks

Answer: Option D

Explanation: The keystore file contains private keys and certificates used for SSL.

19.) What is required on the Kafka client to use OAUTHBEARER authentication?

A) Enable JAAS and provide token fetching logic
B) Add user in ZooKeeper
C) Set security.protocol=PLAINTEXT
D) Enable Kerberos

Answer: Option A

Explanation: Clients must provide logic to retrieve and present OAuth tokens.

20.) What does SCRAM stand for in Kafka security?

A) Secure Credential Role Authentication Module
B) Salted Challenge Response Authentication Mechanism
C) SASL Configurable Resource Access Model
D) Synchronous Certificate Renewal And Management

Answer: Option B

Explanation: SCRAM is a password-based SASL authentication mechanism using salts and hashing.
