Which valid security protocols are included for broker listeners?

Apache Kafka supports several security protocols for configuring broker listeners, which define how clients connect to brokers securely or insecurely. As per the official Apache Kafka documentation (“Security Overview” and “Broker Configuration” sections):

PLAINTEXT:“PLAINTEXT – Unauthenticated, unencrypted connections.”This is the default protocol when no security is configured.

SSL:“SSL – SSL authentication and encryption.”It provides secure communication between clients and brokers using SSL/TLS.

SASL_SSL:“SASL_SSL – SASL authentication and SSL encryption.”This combines SASL-based authentication with SSL encryption for secure and authenticated connections.

SASL_PLAINTEXTis also supported, but it was not listed in your options.

Option C (SASL)is not a valid protocol on its own—it’s a mechanism used within SASL_PLAINTEXT or SASL_SSL.

Option E (GSSAPI)is a SASL mechanism (often used with Kerberos), not a protocol.

Therefore, the correct answers are:

A. PLAINTEXT

B. SSL

D. SASL_SSL

Page Reference:

Confluent Kafka: The Definitive Guide, 1st Edition, Chapter 9 (“Kafka Security”), p. 282–283.

Apache Kafka Documentation, “Security Overview” and “Configuring Broker Listeners”.