Here are 100 full stack developer interview questions and answers, covering front-end, back-end, databases, DevOps, system design, and problem-solving. The focus is on practical knowledge and real-world scenarios.
General Full Stack & Web Fundamentals
1. What is a full stack developer?
A developer who can work on both the front-end (client-side) and back-end (server-side) of a web application, handling everything from user interface design to server logic, databases, and deployment.
2. Explain the request-response cycle in a web application.
A client (browser) sends an HTTP request to a server. The server processes the request (may query a database, perform business logic) and sends back an HTTP response containing status code, headers, and optional body (HTML, JSON, etc.). The client then renders the response.
3. What is the difference between client-side and server-side rendering?
Client-side rendering (CSR) sends minimal HTML and uses JavaScript to build the UI in the browser. Server-side rendering (SSR) generates full HTML on the server for each request. SSR often improves initial load time and SEO; CSR offers smoother transitions once loaded.
4. What is MVC architecture?
Model-View-Controller: a pattern that separates an app into three components. Model handles data and business logic, View handles the UI, Controller processes input and mediates between Model and View.
5. Explain the difference between monolithic and microservices architectures.
A monolithic app is built as a single unit where all components share a codebase and database. Microservices architecture splits an app into small, independent services that communicate over a network, each with its own database and deployable independently.
6. What is a web server, and how does it serve a web page?
Software (like Nginx, Apache) that listens for HTTP requests, maps them to static files or forwards them to an application server. It sends back the requested resource (HTML, CSS, images) or the generated response.
7. What is a REST API?
Representational State Transfer: an architectural style using standard HTTP methods (GET, POST, PUT, DELETE) to perform operations on resources identified by URLs. It is stateless and typically returns JSON or XML.
8. What is GraphQL, and how does it compare to REST?
A query language for APIs that lets clients request exactly the data they need, often in a single request. Avoids over-fetching and under-fetching but can be more complex on the server side. REST gives fixed endpoints; GraphQL exposes a single endpoint.
9. Explain the concept of “statelessness” in REST.
Each HTTP request from client to server must contain all the information needed to understand and process the request. The server does not store client context between requests. This improves scalability.
10. What is CORS, and why does it matter?
Cross-Origin Resource Sharing – a browser security feature that restricts web pages from making requests to a different domain. The server must send appropriate headers (Access-Control-Allow-Origin) to allow cross-origin calls.
Front-End Fundamentals (HTML, CSS, JavaScript)
11. What is the Box Model in CSS?
Every element is a rectangular box consisting of content, padding, border, and margin. Understanding box-sizing: border-box is crucial for predictable sizing.
12. Explain CSS specificity.
A system that determines which CSS rule applies when multiple selectors target the same element. Inline styles have the highest specificity, then IDs, then classes/attributes/pseudo-classes, then elements. The more specific selector wins.
13. What is responsive web design and how do you implement it?
Designing websites that adapt to different screen sizes using fluid grids, flexible images, and CSS media queries. Also includes mobile-first approaches and responsive typography.
14. What are semantic HTML elements and why use them?
Elements with clear meaning like <header>, <main>, <article>, <aside>. They improve accessibility, SEO, and code readability.
15. What is the DOM?
The Document Object Model is a programming interface for HTML and XML documents. It represents the page as a tree of nodes; JavaScript can interact with it to change the document structure, style, and content.
16. Explain event delegation in JavaScript.
Attaching a single event listener to a parent element instead of multiple listeners to child elements. When an event occurs, it bubbles up to the parent. Efficient for dynamically added elements and reduces memory usage.
17. What is the difference between == and ===?
== (loose equality) performs type coercion before comparing, e.g., 5 == '5' is true. === (strict equality) compares both value and type without coercion. Always prefer === for predictable results.
18. What is a closure in JavaScript?
A function that retains access to its lexical scope (variables from its outer function) even after the outer function has returned. Commonly used to create private variables and for data encapsulation.
19. Explain the this keyword in JavaScript.
The value of this depends on how a function is called: in a method it refers to the object; in a regular function (non-strict) it’s the global object; in strict mode it’s undefined; arrow functions inherit this from their enclosing lexical scope.
20. What are Promises and async/await?
Promises handle asynchronous operations, with .then() and .catch(). Async/await is syntactic sugar making asynchronous code look synchronous, improving readability and error handling with try/catch.
21. How do you optimize website performance?
Minimize HTTP requests, compress images (WebP), use lazy loading, minify CSS/JS, enable gzip/Brotli compression, use a CDN, implement caching strategies, reduce server response time, and eliminate render-blocking resources.
22. What is local storage vs. session storage vs. cookies?
localStorage: persistent key-value store (survives browser close). sessionStorage: persists only during the page session. Cookies: small data sent with every HTTP request, can be set with expiration and HttpOnly/Secure flags. Cookies are for server communication; web storage is client-side only.
23. What are Web APIs?
Browser-provided interfaces (like Fetch API, Geolocation, Canvas, WebSockets) that allow JavaScript to interact with browser features and the operating system.
24. Explain the difference between inline, block, and inline-block elements.
Block elements take full width, cause line breaks (e.g., <div>). Inline elements take only necessary width and don’t break flow (e.g., <span>). Inline-block flows like inline but can have width/height and vertical margins like block.
25. What is a CSS preprocessor?
A scripting language that extends CSS with features like variables, nesting, mixins, and functions, then compiles to standard CSS. Examples: Sass, Less.
Front-End Frameworks & Libraries (React)
26. What is React and its core principles?
A JavaScript library for building user interfaces using a component-based architecture. Core principles: declarative, component-based, learn once – write anywhere. It uses a virtual DOM for efficient updates.
27. What is JSX?
A syntax extension for JavaScript that resembles HTML. It’s compiled to React.createElement() calls. JSX makes UI code more readable and expressive.
28. Explain the Virtual DOM in React.
A lightweight in-memory representation of the real DOM. When state changes, a new virtual DOM is created and compared (diffed) with the previous one. Only the minimal changes are applied to the real DOM, improving performance.
29. What is the difference between state and props?
state is internal data managed within a component and can change over time (using useState). props are read-only data passed from parent to child. Props configure a component; state controls internal behavior.
30. What are React hooks?
Functions that let functional components use state and other React features without writing classes. Examples: useState, useEffect, useContext, useReducer.
31. What does useEffect do?
It lets you perform side effects in functional components (data fetching, subscriptions, DOM manipulation). It runs after render and can be cleaned up via a returned function.
32. What is the Context API?
A way to pass data through the component tree without prop drilling at every level. Useful for theme, authentication, or global settings.
33. What is Redux and when would you use it?
A predictable state container for JavaScript apps. It centralizes application state in a single store. Use when multiple components need to share and synchronize complex state, like a shopping cart or user preferences.
34. How do you handle forms in React?
Using controlled components: form elements’ values are driven by React state. Every change updates the state via an onChange handler, making React the single source of truth.
35. What is React Router?
A standard library for routing in React apps. It enables client-side navigation without page reloads by mapping URL paths to components.
36. Explain code splitting in React.
Technique to split your bundle into smaller chunks that are loaded on demand (lazy loading). React’s lazy and Suspense allow components to be loaded only when needed, reducing initial bundle size.
37. What are Higher Order Components (HOCs)?
A pattern that takes a component and returns a new component with additional props or functionality. Now often replaced by hooks for many use cases, but still useful.
38. What is the key prop in React lists?
A unique identifier required when rendering lists of elements. Keys help React identify which items have been changed, added, or removed, and optimize re-rendering.
39. How does React handle reconciliation?
The process by which React updates the DOM by comparing the previous virtual DOM with the new one. It minimizes DOM operations by computing the minimal set of changes.
40. What is Next.js and when would you use it?
A React framework that provides features like server-side rendering, static site generation, file-based routing, and API routes. Use it when you need improved SEO and performance for React apps.
Back-End Development (Node.js, Express, Python, Java)
41. What is Node.js and why is it popular for back-end development?
A JavaScript runtime built on the V8 engine that enables JavaScript on the server. It’s non-blocking, event-driven, efficient for I/O-heavy applications, and allows full stack JavaScript.
42. What is Express.js and what are its main features?
A minimal and flexible Node.js web application framework. Features: routing, middleware support, template engines, and easy integration with databases.
43. Explain middleware in Express.
Functions that have access to the request object (req), response object (res), and the next middleware function in the application’s request-response cycle. They can execute code, modify request/response, and end the request.
44. How do you handle errors in Express?
By defining error-handling middleware with four parameters (err, req, res, next). This is placed after all other routes and middleware to catch and respond to errors centrally.
45. What is the event loop in Node.js?
A loop that allows Node.js to perform non-blocking I/O operations despite JavaScript being single-threaded. It offloads operations to the system kernel and executes callbacks when tasks complete.
46. What is the difference between process.nextTick() and setImmediate()?
process.nextTick() fires immediately after the current operation, before any I/O events. setImmediate() fires on the next iteration of the event loop, after I/O events.
47. How does authentication work in a web app?
Users provide credentials (username/password). The server validates and creates a session or issues a token (JWT). The client includes the token in subsequent requests. The server verifies the token to identify the user.
48. What is JWT and how is it structured?
JSON Web Token: a compact, URL-safe token consisting of three Base64-encoded parts separated by dots: Header (type and algorithm), Payload (claims), Signature (created from header, payload, and a secret). Used for stateless authentication.
49. Explain the concept of RESTful routing.
Mapping HTTP methods and URL paths to controller actions: GET /posts (index), POST /posts (create), GET /posts/:id (show), PUT /posts/:id (update), DELETE /posts/:id (destroy).
50. What is an ORM? Name a few.
Object-Relational Mapping – a technique to interact with databases using objects instead of raw SQL. Examples: Sequelize (Node.js), Prisma (Node.js), SQLAlchemy (Python), Hibernate (Java), Entity Framework (C#).
51. How do you handle file uploads in a web app?
On the client side, use a <form> with enctype="multipart/form-data". On the server, use a middleware like multer (Express) to parse the multipart data, then store the file (on disk or cloud storage) and save the metadata in the database.
52. What is dependency injection?
A design pattern where objects receive their dependencies from an external source rather than creating them internally. Promotes loose coupling and easier testing. Commonly used in Angular, Spring, and NestJS.
53. What are environment variables and how are they used?
Variables set outside the application, typically in a .env file or hosting configuration. They store configuration like database URLs, API keys, and secrets, keeping them out of code.
54. What is a reverse proxy? Give an example.
A server that sits in front of web servers and forwards client requests. Nginx is a common reverse proxy that can handle SSL termination, load balancing, caching, and serving static files.
55. How do you implement pagination in a REST API?
Accept query parameters like page and limit. The server returns a subset of results and often includes metadata like total count, next/prev page links. Example: GET /posts?page=2&limit=20.
Databases (SQL & NoSQL)
56. Compare SQL and NoSQL databases.
SQL (PostgreSQL, MySQL): structured, table-based, pre-defined schema, ACID transactions, great for complex queries and relationships. NoSQL (MongoDB, Redis, Cassandra): flexible schemas, document/key-value/graph models, often horizontally scalable, suited for rapidly changing data models.
57. What is normalization?
The process of organizing a database to reduce redundancy and improve data integrity by dividing large tables into smaller, related tables. Follows normal forms (1NF, 2NF, 3NF).
58. What are indexes and how do they work?
Data structures that improve query speed by allowing the database to find rows without scanning the entire table. Common type is B-tree. Indexes speed up SELECT but slow down INSERT, UPDATE, DELETE.
59. Explain JOIN operations in SQL.
INNER JOIN: returns rows with matching values in both tables. LEFT JOIN: returns all rows from the left table and matched rows from the right; if no match, NULLs for right columns. RIGHT JOIN: opposite. FULL OUTER JOIN: all rows when there’s a match in either table.
60. What is ACID?
Atomicity, Consistency, Isolation, Durability – properties guaranteeing reliable database transactions. Atomicity: all-or-nothing. Consistency: valid state before and after. Isolation: concurrent transactions don’t interfere. Durability: committed transactions survive crashes.
61. What is an ORM and how does it differ from raw queries?
An ORM maps objects to database tables, allowing you to use programming language constructs instead of writing raw SQL. It speeds up development, reduces SQL injection risks, but may generate inefficient queries if not used carefully.
62. What is connection pooling?
A cache of database connections maintained so that connections can be reused when needed instead of opening a new connection each time. Improves performance and reduces latency.
63. How do you handle database migrations?
Using migration tools (Knex, Flyway, Alembic) that track changes to the database schema as versioned scripts. Migrations can be applied and rolled back, ensuring consistency across environments.
64. What is sharding in databases?
Splitting a large database into smaller, faster, more easily managed parts called shards, often distributed across multiple servers. Each shard holds a subset of data. Improves scalability.
65. How do you model one-to-many and many-to-many relationships in a relational database?
One-to-many: foreign key on the “many” table referencing the “one” table’s primary key. Many-to-many: a junction/join table containing foreign keys from both related tables.
API Development & Integration
66. What is an API endpoint?
A specific URL that represents a resource or service in an API. Clients send HTTP requests to endpoints to perform actions (e.g., /users, /orders/123).
67. Explain RESTful API design best practices.
Use nouns for resources, HTTP verbs for actions, versioning (v1/), proper status codes, filtering/pagination/sorting via query parameters, statelessness, and correct use of HTTP methods (GET is safe/idempotent, POST not idempotent, etc.).
68. How do you version an API?
Common approaches: URI versioning (/api/v1/users), request header versioning, or query parameter versioning. URI versioning is most popular for simplicity.
69. What is rate limiting and why is it important?
Limiting how many API requests a client can make in a given time window. Prevents abuse, ensures fair usage, and protects server resources. Implemented using tools like express-rate-limit.
70. How do you handle authentication in a REST API?
Using tokens (JWT) or sessions. The client sends credentials, receives a token, then includes it in the Authorization: Bearer <token> header for subsequent requests. OAuth2 is common for delegated access.
71. What are HTTP status codes? Give examples.
Codes indicating the result of an HTTP request. Categories: 2xx success (200 OK, 201 Created), 3xx redirection (301 Moved Permanently), 4xx client errors (400 Bad Request, 401 Unauthorized, 404 Not Found), 5xx server errors (500 Internal Server Error).
72. What is the difference between PUT and PATCH?
PUT replaces the entire resource. PATCH applies a partial update to the resource. PUT requires sending the complete object; PATCH only sends changes.
73. How do you document an API?
With tools like Swagger/OpenAPI (auto-generates interactive docs from specs), Postman collections, or manually written documentation. Documentation should describe endpoints, parameters, responses, and authentication.
Version Control with Git
74. What is Git and why is it important?
A distributed version control system that tracks changes in source code. It enables collaboration, allows branching/merging, and maintains a complete history of changes.
75. What is the difference between git merge and git rebase?
Merge joins two branches, creating a merge commit and preserving history. Rebase re-applies commits from one branch onto another, resulting in a linear, cleaner history. Rebase rewrites history, so avoid it on public branches.
76. Explain a typical Git workflow (like Gitflow).
Main branches: main (production-ready), develop (integration). Feature branches are created from develop, merged back when done. Release branches are created from develop for final polishing, merged to main and develop. Hotfix branches from main fix urgent production issues.
77. How do you resolve a merge conflict?
Git marks the conflicted file with conflict markers. Manually edit the file to keep the desired changes, remove markers, then git add the resolved file and commit.
78. What is .gitignore?
A file specifying intentionally untracked files that Git should ignore (e.g., node_modules, .env, build artifacts). Patterns match files and directories.
79. What is git stash?
Temporarily saves uncommitted changes without committing them, allowing you to work on a clean working directory. Later, you can re-apply with git stash pop.
DevOps, Deployment & Cloud
80. What is CI/CD?
Continuous Integration: developers frequently merge code, triggering automated builds and tests. Continuous Deployment/Delivery: successfully tested changes are automatically deployed to production/staging. Tools: GitHub Actions, Jenkins, GitLab CI.
81. What is Docker and why use it?
A platform that packages applications and their dependencies into lightweight containers. Ensures consistency across development, testing, and production environments.
82. Explain the difference between a container and a virtual machine.
Containers share the host OS kernel, making them lightweight and fast to start. VMs include a full guest OS, offering stronger isolation but heavier resource usage.
83. What is a container orchestration tool?
Tools like Kubernetes that manage deployment, scaling, and operations of application containers across clusters of hosts. Provides service discovery, load balancing, self-healing.
84. How do you deploy a full stack app?
Front-end can be built into static files and served via a CDN or Nginx. Back-end is deployed as a process (e.g., on a VM, container, or serverless platform). Use a managed database service. Configure a domain and HTTPS.
85. What is Nginx commonly used for in a full stack setup?
As a reverse proxy for Node.js/Express apps, serving static files, SSL termination, load balancing, and caching.
86. What is environment-specific configuration?
Configuration that changes based on environment (development, staging, production), like database URL, API keys. It’s managed via environment variables or config files, never hardcoded.
87. How do you handle database backups?
Schedule automated backups using database tools (pg_dump, mongodump) or cloud provider services. Store backups off-site, test restoration periodically.
88. What is a load balancer?
A device or service that distributes incoming network traffic across multiple servers to ensure no single server is overwhelmed, improving availability and reliability.
89. What is horizontal vs. vertical scaling?
Vertical: adding more resources (CPU, RAM) to an existing server. Horizontal: adding more servers to the pool. Horizontal is more scalable and fault-tolerant.
Security Best Practices
90. What are common web security vulnerabilities?
SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), insecure authentication, sensitive data exposure, and security misconfiguration (OWASP Top 10).
91. How do you prevent XSS attacks?
Escape all user input before outputting to HTML. Use Content Security Policy headers. Avoid setting innerHTML with user-controlled data; prefer textContent or React’s JSX escaping.
92. How do you prevent SQL Injection?
Use parameterized queries or prepared statements. ORMs often handle this automatically. Never concatenate user input directly into SQL strings.
93. What is HTTPS and how do you enforce it?
HTTP with TLS encryption. Enforce by redirecting all HTTP traffic to HTTPS and configuring HSTS headers so browsers automatically use HTTPS.
94. How do you store passwords securely?
Never store plaintext. Use a strong hashing algorithm designed for passwords like bcrypt, scrypt, or Argon2 with a salt. This makes rainbow table and brute-force attacks difficult.
95. What is CORS and how do you configure it safely?
Set the Access-Control-Allow-Origin header to specific trusted origins, not *. Use credentials only with specific origins, and specify allowed methods and headers.
System Design & Architecture
96. How would you design a URL shortener?
Components: a web server to accept requests, a service to generate a unique short code (base62 encoding of a counter or a hash), a database to store mappings (short code -> original URL), and redirect logic. For scale, add caching (Redis) and horizontal scaling.
97. How do you ensure scalability in a web application?
Stateless servers behind a load balancer, database replication/partitioning, caching layers (CDN, Redis), asynchronous processing for heavy tasks, and monitoring to identify bottlenecks.
98. What is the difference between vertical and horizontal scaling?
Vertical scaling adds more power to a single server; horizontal scaling adds more servers. Horizontal is more flexible for growth.
99. What is the CAP theorem?
In a distributed data store, you can only guarantee two of three properties simultaneously: Consistency (all nodes see the same data), Availability (every request gets a response), and Partition Tolerance (system works despite network partitions). In practice, partition tolerance is required, so you choose between CP and AP.
100. How do you handle long-running tasks in a web application?
Offload them to a background job queue (e.g., Bull for Node.js, Celery for Python, Sidekiq for Ruby). The server immediately responds to the client, and the worker processes the task asynchronously. The client can poll or use WebSockets for status updates.