
Security best practices in Kafka - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output
intermediate
What is the output of this Kafka ACL command?
Consider the following Kafka ACL command to allow a user to produce to a topic:
kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Alice --operation Write --topic sales-data

What will be the result when Alice tries to produce messages to the topic sales-data?
A. Alice can successfully produce messages to the topic sales-data.
B. Alice will get a permission denied error when producing to sales-data.
C. The command will fail due to missing consumer permission.
D. Alice can only consume messages from sales-data, not produce.
💡 Hint
Think about what the --operation Write permission allows.
🧠 Conceptual
intermediate
Which Kafka security feature encrypts data in transit?
Kafka supports several security features. Which one specifically ensures that data sent between clients and brokers is encrypted to prevent eavesdropping?
A. SASL (Simple Authentication and Security Layer)
B. Kerberos Authentication
C. ACLs (Access Control Lists)
D. SSL/TLS (Secure Sockets Layer / Transport Layer Security)
💡 Hint
Encryption protects data while it moves over the network.
🔧 Debug
advanced
Why does this Kafka client fail to authenticate?
A Kafka client configured with SASL/PLAIN authentication fails to connect to the broker. The client config snippet is:
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="user1" password="wrongpass";

The broker expects username "user1" with password "correctpass".
What is the cause of the failure?
A. The client is missing the SSL truststore configuration.
B. The client uses SASL_PLAINTEXT instead of SASL_SSL, causing encryption failure.
C. The password in sasl.jaas.config is incorrect, causing authentication failure.
D. The client is using the wrong SASL mechanism; it should be SCRAM-SHA-256.
💡 Hint
Check the username and password values carefully.
📝 Syntax
advanced
Which Kafka ACL command syntax correctly removes all ACLs for a user?
You want to remove all ACLs for user Bob. Which command is syntactically correct?
A. kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --remove --principal User:Bob
B. kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --delete --principal User:Bob
C. kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --remove --allow-principal User:Bob
D. kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --remove --principal Bob
💡 Hint
The correct flag to remove ACLs is --remove and the principal must be specified correctly.
🚀 Application
expert
How do you securely configure Kafka brokers for a multi-tenant environment?
You manage a Kafka cluster used by multiple teams. You want to ensure:
1. Each team can only access their own topics.
2. Data in transit is encrypted.
3. Clients authenticate securely.

Which combination of Kafka security features should you enable?
A. Enable SSL encryption, configure SASL authentication, and set ACLs restricting topic access per team.
B. Enable only ACLs for topic restrictions; encryption and authentication are optional.
C. Use plaintext communication with SASL authentication and no ACLs.
D. Enable SSL encryption and ACLs but allow anonymous access without authentication.
💡 Hint
Think about encryption, authentication, and authorization all together.