Study Confluent CCAC DNS and Private Routing: key concepts, common traps, and exam decision cues.
Private connectivity failures often come down to path reality: the client resolves the wrong name, sends traffic to the wrong route, or never reaches the intended endpoint. CCAC wants you to prove the path before you blame Kafka.
Triage order
| Step | What to check first | Why |
|---|---|---|
| 1 | DNS resolution path | wrong resolution makes every later check noisy |
| 2 | route path and network attachment | the client may not have a real path to the endpoint |
| 3 | firewall or policy boundary | reachability may be blocked after resolution succeeds |
| 4 | application config | only check this after the network path is believable |
What the exam is really testing
| If the scenario shows… | Strong reading |
|---|---|
| public tests succeed but private clients fail | private DNS or routing is likely under test |
| “cluster is healthy” but apps cannot connect | client path, not cluster health, may be the issue |
| intermittent private failures | route, endpoint, or resolution consistency may be weak |
Decision order that usually wins
Prove name resolution first.
Prove the route to the intended endpoint second.
Check policy boundaries such as firewalls only after the path is believable.
Touch application config last unless there is direct evidence it is wrong.
Avoid blaming Kafka health before the network path is real.
CCAC networking questions often hide the answer in the path before the broker. The exam rewards operators who validate reachability in order instead of changing permissions or configs at random.
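The triage order above, written as an added example (not part of the original page or any Confluent tooling). The `private_cidr` parameter, the stage names, the fake resolver and connector, and all hostnames and addresses are constructed assumptions so the check runs offline.

```python
import ipaddress
import socket

def triage(host, port, private_cidr, resolver=socket.getaddrinfo,
           connector=socket.create_connection, timeout=5.0):
    """Return (stage, detail) naming the first check that fails."""
    net = ipaddress.ip_network(private_cidr)
    # 1. DNS: a wrong answer makes every later check noisy.
    try:
        infos = resolver(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"{host} does not resolve: {exc}")
    addrs = sorted({info[4][0] for info in infos})
    outside = [a for a in addrs if ipaddress.ip_address(a) not in net]
    if outside:
        return ("dns", f"{host} resolves outside {net}: {outside}")
    # 2-3. Route, then policy: a TCP connect cannot tell a missing route
    # from a firewall drop, so report both together with the raw error.
    failed = {}
    for addr in addrs:
        try:
            connector((addr, port), timeout=timeout).close()
        except OSError as exc:  # timeouts and refusals are both OSError
            failed[addr] = type(exc).__name__
    if failed and len(failed) < len(addrs):
        return ("inconsistent", f"only some endpoints reachable: {failed}")
    if failed:
        return ("route_or_policy", f"no endpoint reachable: {failed}")
    # 4. Only now is application config worth inspecting.
    return ("app_config", "network path is believable")

# --- constructed fakes so the example runs without a network ---
def fake_resolver(table):
    def resolve(host, port, type=0):
        if host not in table:
            raise socket.gaierror(socket.EAI_NONAME, "name not known")
        return [(socket.AF_INET, type, 6, "", (a, port)) for a in table[host]]
    return resolve

class _Conn:
    def close(self):
        pass

def fake_connector(reachable):
    def connect(address, timeout=None):
        if address[0] not in reachable:
            raise socket.timeout("timed out")
        return _Conn()
    return connect
```

Called without the fake arguments, `triage` uses the real resolver and a real TCP connect from the client host, which is where the check has to run for the result to describe the client's path.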
Scenario triage
| Scenario | Better first move |
|---|---|
| public works but private fails | inspect private DNS and routing |
| timeouts started after endpoint creation | validate name resolution and route path, not just endpoint existence |
| cluster health looks normal while clients fail | stay on the client path lane |
| intermittent failures hit only one network segment | compare routing and resolution consistency |
Common traps
| Trap | Better rule |
|---|---|
| assuming endpoint creation automatically solves name resolution | private DNS still has to point clients correctly |
| changing RBAC before proving reachability | network path comes first |
| treating every timeout as broker overload | path failure is often the stronger first explanation |