By default, what do Kafka broker network connections have?

By default, Kafka does not enable any security mechanism. This means:

Communication is done over PLAINTEXT (unencrypted).

No authentication is configured.

No authorization is enforced.

From Apache Kafka documentation:

“By default, Kafka has no security. All network communication is done in plaintext, and there is no client authentication or authorization.”

This means that:

Option A is correct.

Option B is incorrect because encryption is not enabled by default.

Option C is incorrect because authentication is not provided unless SASL is configured.

Option D is incorrect as neither encryption nor authentication is enabled by default.

Page Reference:

Confluent Kafka: The Definitive Guide, 1st Edition, Chapter 9, p. 275

Apache Kafka Documentation: “Security Overview” section

‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾