Challenge - 5 Problems
Kafka Encryption Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
❓ Predict Output
intermediate1:30remaining
What is the output of this Kafka configuration snippet?
Given the following Kafka broker configuration snippet for encryption at rest, what will be the value of
log.dirs after parsing?Kafka
log.dirs=/var/lib/kafka/data,/mnt/kafka/storage log.dirs=/var/lib/kafka/data
Attempts:
2 left
💡 Hint
Later configuration lines override earlier ones in Kafka properties files.
✗ Incorrect
In Kafka configuration files, if a property is defined multiple times, the last definition takes precedence. Here,
log.dirs is first set to two directories, then overridden by a single directory.🧠 Conceptual
intermediate1:30remaining
Which Kafka feature directly supports encryption at rest?
Which Kafka feature is designed to encrypt data stored on disk to ensure encryption at rest?
Attempts:
2 left
💡 Hint
Encryption at rest means data is encrypted when stored on disk, not during transmission.
✗ Incorrect
Kafka does not natively encrypt data at rest but supports using encrypted filesystems for
log.dirs. SSL and SASL secure data in transit or authenticate clients, not encrypt data on disk.🔧 Debug
advanced2:00remaining
Why does this Kafka broker fail to start with encryption at rest enabled?
A Kafka broker is configured to use an encrypted filesystem for
log.dirs. The broker fails to start with the error: java.io.IOException: Permission denied. What is the most likely cause?Attempts:
2 left
💡 Hint
Permission denied errors usually relate to filesystem access rights.
✗ Incorrect
When using encrypted filesystems for Kafka logs, the Kafka process must have proper permissions to read and write to the encrypted directories. Missing permissions cause startup failures.
📝 Syntax
advanced1:30remaining
Which Kafka configuration snippet correctly enables encryption at rest using a mounted encrypted volume?
Select the valid Kafka broker configuration snippet that points to an encrypted volume for storing logs.
Attempts:
2 left
💡 Hint
Kafka configuration files use key=value pairs without spaces around the equals sign.
✗ Incorrect
Kafka configuration files require the format
key=value without spaces around the equals sign. Options A, B, and D use invalid syntax.🚀 Application
expert2:30remaining
How to verify Kafka data is encrypted at rest on a Linux system?
You have configured Kafka to store logs on an encrypted filesystem. Which command sequence best verifies that the Kafka log directory is encrypted at rest?
Attempts:
2 left
💡 Hint
Check the mounted filesystem type and attributes of the directory.
✗ Incorrect
The
mount command shows if the directory is on an encrypted filesystem (e.g., LUKS). lsattr shows filesystem attributes. Other options check Kafka configs or topics but do not verify encryption at rest.