Here are 100 back-end developer interview questions and answers, covering foundational concepts, databases, APIs, security, performance, architecture, frameworks, version control, testing, and problem-solving. Each question is in bold, followed by a detailed answer. No dividing lines.
What is the difference between a monolithic and microservices architecture?
Answer: A monolithic architecture packages all application components (UI, business logic, data access) into a single deployable unit. It is simpler to develop initially but becomes harder to scale and maintain as it grows. Microservices architecture decomposes the application into small, independent services that communicate over a network (HTTP, message queues). Each service can be developed, deployed, and scaled independently. Microservices increase complexity but offer better scalability, fault isolation, and technology diversity.
What are RESTful APIs and what are their constraints?
Answer: REST (Representational State Transfer) is an architectural style for designing networked applications. RESTful APIs follow six constraints: client-server separation, statelessness (each request contains all necessary information), cacheability, layered system, code-on-demand (optional), and a uniform interface (using HTTP methods – GET, POST, PUT, DELETE, PATCH – and resource-based URLs).
Explain the difference between PUT and PATCH HTTP methods.
Answer: PUT replaces an entire resource with the request payload. If a field is omitted, it may be set to default or null. PATCH applies partial updates to a resource, changing only the fields provided. PUT is idempotent (multiple identical requests have the same effect), and PATCH is not required to be idempotent but often is.
What is idempotency in the context of HTTP methods?
Answer: Idempotency means that making multiple identical requests has the same effect as making a single request. Idempotent methods: GET, PUT, DELETE, HEAD, OPTIONS. Non-idempotent: POST (creating new resources), PATCH (not guaranteed). Idempotency is important for safe retries in unreliable networks.
What is the difference between authentication and authorization?
Answer: Authentication verifies the identity of a user or service (e.g., login with username/password, OAuth token). Authorization determines what resources or actions an authenticated user is allowed to access (e.g., role-based access control). Authentication precedes authorization.
What is JWT (JSON Web Token) and what are its components?
Answer: JWT is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. It consists of three parts separated by dots: Header (algorithm and token type), Payload (claims, e.g., user ID, expiration), and Signature (hashed header + payload with a secret). JWTs are stateless and self-contained, often used for API authentication.
What is OAuth and how does it work?
Answer: OAuth is an open standard for token-based authorization that allows third-party applications to access user data without exposing credentials. OAuth 2.0 flows involve: Resource Owner (user), Client (app), Authorization Server, and Resource Server. The client receives an access token after user consent, then uses that token to access protected resources.
Explain the concept of connection pooling. Why is it used?
Answer: Connection pooling is a technique where database connections are created once, kept open, and reused across multiple requests, rather than opening a new connection for each request. It reduces the overhead of connection establishment (TCP handshake, authentication), improves performance, and prevents connection exhaustion.
What are database indexes and how do they work?
Answer: Indexes are data structures (usually B-trees or hash tables) that improve the speed of data retrieval operations at the cost of additional storage and slower write operations (INSERT, UPDATE, DELETE). They work by allowing the database to quickly locate rows without scanning the entire table. Common types: primary key, unique, composite, and full-text indexes.
What is the difference between a clustered and non-clustered index?
Answer: A clustered index determines the physical order of data in the table. A table can have only one clustered index (often the primary key). Non-clustered indexes are separate structures that point to the data rows, and a table can have many non-clustered indexes. In clustered indexes, leaf nodes contain the actual data rows; in non-clustered, leaf nodes contain pointers to rows.
Explain the difference between SQL and NoSQL databases. When would you use each?
Answer: SQL databases (relational) use structured schemas, tables with rows and columns, support joins, ACID transactions, and are good for complex queries and data integrity (e.g., financial systems). NoSQL databases (document, key-value, graph, column-family) are schema-flexible, scale horizontally, and are good for large-scale data, rapid iteration, and use cases like content management, real-time analytics, and session storage.
What is an ACID transaction?
Answer: ACID stands for Atomicity (all or nothing), Consistency (transactions bring database from one valid state to another), Isolation (concurrent transactions do not interfere), and Durability (committed transactions persist even after system failure). ACID properties ensure reliable processing of database transactions.
What is sharding and how does it help with scalability?
Answer: Sharding is a horizontal partitioning technique where a large database is split into smaller, independent databases (shards) based on a shard key (e.g., user ID, region). Each shard runs on its own server, distributing load and improving read/write throughput. It increases complexity for queries that span multiple shards.
What is database normalization and what are the main normal forms?
Answer: Normalization is the process of organizing data to reduce redundancy and improve data integrity. First Normal Form (1NF): eliminate repeating groups; each cell has a single value. Second Normal Form (2NF): 1NF + no partial dependency (all non-key columns depend on whole primary key). Third Normal Form (3NF): 2NF + no transitive dependency (non-key columns depend only on the key). Higher forms exist but are rarely used.
What is a stored procedure and what are its advantages?
Answer: A stored procedure is precompiled SQL code stored in the database and executed as a single unit. Advantages: reduced network traffic (execute multiple statements with one call), encapsulation of business logic, reuse, security (grant execute permissions without table access), and performance (precompiled execution plan).
Explain the N+1 query problem and how to solve it.
Answer: The N+1 problem occurs when an ORM executes one query to retrieve a list of N entities, then executes N additional queries to fetch related data for each entity. Solution: use eager loading (JOIN with eager fetch) or batch loading to retrieve all related data in a single query. In SQL, use JOIN or subqueries. ORM tools like Hibernate provide @EntityGraph or fetch joins.
What is the difference between UNION and UNION ALL in SQL?
Answer: UNION combines results from two or more SELECT statements and removes duplicate rows (requires a distinct sort). UNION ALL includes all rows from each SELECT, including duplicates, and is faster because it does not perform duplicate elimination. Use UNION only when duplicates must be removed.
What are SQL injection attacks and how can you prevent them?
Answer: SQL injection occurs when user input is unsafely concatenated into SQL queries, allowing attackers to manipulate the query (e.g., ' OR '1'='1). Prevention: use parameterized queries (prepared statements) with bound parameters, input validation (whitelist), stored procedures, and escape input only when absolutely necessary. ORMs generally prevent injection.
What is a distributed transaction and what are its challenges?
Answer: A distributed transaction spans multiple independent databases or services. Challenges: achieving ACID across boundaries (Two-Phase Commit, XA transactions), performance overhead, and increased failure scenarios. Modern approaches often use eventual consistency with patterns like Saga (compensating transactions) rather than strict ACID.
What is the CAP theorem?
Answer: The CAP theorem states that in a distributed data system, you can only achieve at most two of three properties: Consistency (all nodes see the same data at the same time), Availability (every request receives a response, even if not the latest data), and Partition tolerance (system continues to operate despite network partitions). Most distributed systems choose AP (availability + partition tolerance) with eventual consistency, or CP (consistency + partition tolerance) with reduced availability.
What is eventual consistency and when is it acceptable?
Answer: Eventual consistency guarantees that, if no new updates are made, all replicas will eventually converge to the same value. It is acceptable for non-critical read-after-write scenarios like social media feeds, analytics, and cache, but not for financial transactions or inventory management where strong consistency is required.
What is a message queue and why would you use one?
Answer: A message queue (e.g., RabbitMQ, Apache Kafka, AWS SQS) is an asynchronous communication mechanism where producers send messages to a queue and consumers process them. Benefits: decoupling of services, load levelling (handle bursts), fault tolerance (messages persist), and scalability (multiple consumers). Used for background jobs, event-driven architectures, and inter-service communication.
What is idempotency in the context of message processing?
Answer: Idempotency means processing the same message multiple times has the same effect as processing it once. Message queues can deliver messages more than once (at-least-once semantics). Implement idempotency by deduplicating using message IDs stored in a database, using versioning, or designing operations to be naturally idempotent (e.g., setting a customer’s status to “active” multiple times).
Explain the difference between synchronous and asynchronous processing.
Answer: Synchronous processing blocks the caller until the operation completes (e.g., HTTP request). Asynchronous processing returns immediately (e.g., publishing a message to a queue) and the caller continues; the result is handled later via callback, polling, or event. Asynchronous improves responsiveness and scalability but adds complexity.
What are WebSockets and how are they different from HTTP?
Answer: WebSockets provide full-duplex, persistent, low-latency communication over a single TCP connection, unlike HTTP which is request-response and half-duplex. WebSockets are ideal for real-time applications like chat, live notifications, and gaming. After an initial HTTP handshake (Upgrade), the connection stays open.
What is CORS and how does it work?
Answer: Cross-Origin Resource Sharing (CORS) is a security mechanism that allows or restricts web pages from making requests to a different domain than the one that served the page. Browsers enforce CORS by sending an OPTIONS preflight request for non-simple requests. The server responds with Access-Control-Allow-Origin header. Back-end APIs must configure CORS correctly to allow front-end access.
What is rate limiting and how can you implement it?
Answer: Rate limiting restricts the number of requests a client can make within a time window to prevent abuse and ensure fair usage. Common algorithms: token bucket, leaky bucket, fixed window, sliding window log, and sliding window counter. Implement with Redis or in-memory stores. Headers like X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After are often returned.
What are environment variables and why are they important?
Answer: Environment variables store configuration values outside the source code (e.g., database URLs, API keys, feature flags). They improve security (secrets not committed to version control), portability (different values for development, staging, production), and twelve‑factor app compliance.
What is a reverse proxy and why is it used?
Answer: A reverse proxy sits between clients and back-end servers, forwarding requests on behalf of clients. Uses: load balancing, SSL termination, caching static content, compression, security (hiding back-end servers), and serving multiple applications from a single domain (path-based routing). Examples: Nginx, HAProxy, Apache.
What is load balancing and what are common algorithms?
Answer: Load balancing distributes incoming network traffic across multiple servers to improve responsiveness, availability, and fault tolerance. Algorithms: round‑robin, least connections, IP hash (sticky sessions), weighted round‑robin, least response time, random. Layer 4 (transport) vs Layer 7 (application) load balancers.
Explain the difference between horizontal and vertical scaling.
Answer: Vertical scaling (scale-up) adds more resources (CPU, RAM) to a single server. It has hardware limits and creates a single point of failure. Horizontal scaling (scale-out) adds more servers to a pool, distributing load. It improves fault tolerance and can be nearly unlimited but requires stateless applications and distributed data management.
What is a container (e.g., Docker) and how does it differ from a virtual machine?
Answer: A container packages an application and its dependencies together, sharing the host OS kernel, making it lightweight and fast. A virtual machine (VM) includes a full guest OS, making it heavier and slower to start. Containers are more portable and resource-efficient but provide less isolation than VMs. Docker is the most popular container platform.
What is an ORM (Object-Relational Mapping) and what are its pros and cons?
Answer: An ORM maps database tables to objects in code, allowing developers to interact with the database using the programming language instead of raw SQL. Pros: faster development, portability between databases, reduced boilerplate, and some protection against SQL injection. Cons: performance overhead (especially complex queries), leaky abstractions, and difficult to optimize for high throughput.
What are the differences between gRPC and REST?
Answer: gRPC uses HTTP/2, Protocol Buffers (binary serialization), and supports streaming (unary, server-side, client-side, bidirectional). It is strongly typed, generates client/server code, and is faster and more efficient for internal microservices. REST uses HTTP/1.1 (or HTTP/2), JSON/XML (text), and is simpler to adopt for public APIs. gRPC requires a service definition (.proto) and is less browser‑friendly.
What is the difference between authentication and authorization?
Answer: (Earlier question, rephrased) Authentication proves identity (who you are). Authorization determines permissions (what you can do). Authentication usually occurs first, then authorization.
What is a cache and what caching strategies exist?
Answer: A cache stores frequently accessed data temporarily for faster retrieval. Strategies: cache‑aside (application loads cache on demand), read‑through (cache sits between app and DB), write‑through (write to cache and DB simultaneously), write‑behind (write to cache, then asynchronously to DB), and write‑around (write to DB, cache not updated). Examples: Redis, Memcached, in‑memory caching.
What is the difference between LRU and LFU cache eviction policies?
Answer: LRU (Least Recently Used) evicts the item that has been accessed the farthest in the past. LFU (Least Frequently Used) evicts the item with the lowest access count. LRU is simpler and works well for temporal locality; LFU works better for access patterns where some items are consistently hot.
What are common performance bottlenecks in back‑end systems?
Answer: Database queries (missing indexes, full table scans), network latency, I/O operations (file system, external API calls), CPU‑intensive computations, memory leaks, inefficient loops, improper use of synchronization, and blocking operations. Use profiling tools (e.g., flame graphs) to identify.
How do you profile a slow API endpoint?
Answer: Use logging with timing (start/end timestamps). Use APM tools (New Relic, Datadog) to trace request path. Profile database queries (EXPLAIN plan). Check for N+1 queries. Profile application code with CPU profilers (PySpy, async-profiler). Monitor resource usage (CPU, memory, I/O). Simulate load with load testing tools (JMeter, k6).
What is the difference between a process and a thread?
Answer: A process is an independent program in execution with its own memory space. A thread is a lightweight unit of execution within a process, sharing memory (heap, global variables) and resources. Threads are cheaper to create and switch, but require synchronization to avoid race conditions. Languages like Node.js (single‑threaded event loop) and Java (multi‑threaded) model differently.
What is deadlock and how can you prevent it?
Answer: Deadlock occurs when two or more threads are blocked forever, each waiting for a resource held by another. Four necessary conditions: mutual exclusion, hold and wait, no preemption, circular wait. Prevention: avoid one of the conditions (e.g., enforce a global lock ordering, use timeout, or use a deadlock detection algorithm). In databases, deadlocks are detected and resolved by killing one transaction.
What is a race condition? Give an example.
Answer: A race condition occurs when the outcome of a program depends on the unpredictable timing of multiple threads accessing shared data without proper synchronization. Example: two threads incrementing the same variable without locking; they read the same old value and overwrite each other’s update, causing lost update. Prevention: locks, atomic operations, or thread‑safe data structures.
What are asynchronous programming patterns in JavaScript (Node.js)?
Answer: Callbacks (error-first), Promises (then/catch), and async/await (syntactic sugar over Promises). Asynchronous non-blocking I/O is the foundation of Node.js, using an event loop and worker threads for CPU‑intensive tasks. Avoid callback hell by using Promises or async/await. Handle unhandled promise rejections.
What is the event loop in Node.js?
Answer: The event loop allows Node.js to perform non-blocking I/O operations despite being single-threaded. It consists of phases: timers (setTimeout, setInterval), pending callbacks, idle/prepare, poll (retrieve new I/O events), check (setImmediate), close callbacks. Long-running synchronous code blocks the loop, hurting performance. Use process.nextTick() and setImmediate() for scheduling.
Explain the concept of middleware in Express.js (or similar frameworks).
Answer: Middleware functions have access to the request and response objects and the next function. They can execute code, modify req/res, end the request-response cycle, or call the next middleware. Used for logging, authentication, parsing request bodies, compression, error handling, and CORS. Order matters; middleware runs in sequence.
What is the difference between process.nextTick() and setImmediate()?
Answer: process.nextTick() schedules a callback to run on the same phase of the event loop, before any I/O or timers (effectively immediately after the current operation). setImmediate() schedules a callback to run in the “check” phase, after I/O events. process.nextTick() can cause event loop starvation if used recursively.
What is clustering in Node.js and why would you use it?
Answer: The Node.js cluster module allows you to create multiple child processes (workers) that share the same server port. This takes advantage of multi-core systems, improving throughput and reliability. The master process distributes incoming connections to workers. However, sessions or shared state must be stored externally (e.g., Redis) because workers are isolated.
What is the difference between == and === in JavaScript (back-end context)?
Answer: (Already covered earlier) In back‑end Node.js, always use === to avoid type coercion bugs. == can produce unexpected results (e.g., 0 == false is true). Linting rules enforce strict equality.
Explain the concept of middleware in Django (Python) or similarly in other frameworks.
Answer: Django middleware is a lightweight pluggable system that hooks into the request/response processing. It runs before the view (process_request) and after the view (process_response, process_exception). Use for authentication, security (CORS, CSRF), compression, logging, and session management.
What is the Global Interpreter Lock (GIL) in Python and how does it affect concurrency?
Answer: The GIL is a mutex that allows only one thread to execute Python bytecode at a time, even on multi-core systems. This simplifies memory management but prevents true parallel threading for CPU‑bound tasks. For I/O-bound tasks, threading still works (threads release GIL on I/O). For CPU‑bound tasks, use multiprocessing (separate processes) or asynchronous I/O (asyncio).
What are async/await in Python (asyncio) and how do they work?
Answer: Python’s asyncio library provides an event loop for asynchronous programming. async def defines a coroutine, await suspends execution until the awaited coroutine completes. Used for I/O-bound tasks (network calls, file I/O) without threads. The event loop runs concurrently, not in parallel. Use asyncio.gather() for multiple tasks.
What is the difference between a list and a tuple in Python?
Answer: Lists are mutable (can be changed after creation) and have dynamic size; tuples are immutable (cannot be changed) and have fixed size. Lists use more memory and are slower for iteration; tuples are hashable (can be used as dictionary keys). Use tuples for fixed collections (database records) and lists for dynamic sequences.
What is a decorator in Python? Give a use case.
Answer: A decorator is a function that takes another function and extends its behavior without explicitly modifying it. Use cases: logging, timing, authentication, caching (lru_cache), rate limiting. Example:
python
def log(func):
def wrapper(*args, **kwargs):
print(f"Calling {func.__name__}")
return func(*args, **kwargs)
return wrapper
What is SQLAlchemy?
Answer: SQLAlchemy is a SQL toolkit and Object-Relational Mapping (ORM) library for Python. It provides a high-level ORM (working with Python classes) and a core (SQL expression language). It supports multiple databases, connection pooling, and migrations (with Alembic). It is widely used in Flask and FastAPI applications.
What is the difference between @staticmethod and @classmethod in Python?
Answer: @classmethod receives the class as the first argument (cls) and can access or modify class state. @staticmethod receives no special first argument; it behaves like a regular function but belongs to the class’s namespace. Class methods can be overridden by subclasses, static methods cannot (they are just functions).
What is Django’s ORM and how does it handle lazy loading?
Answer: Django’s ORM is lazy: querysets are not evaluated until they are iterated or converted to a list. This allows chaining filters and avoids unnecessary database hits. It also supports select_related (JOIN for foreign keys) and prefetch_related (separate queries for many-to-many) to solve N+1 queries.
What is the difference between GET and POST in terms of security and idempotency?
Answer: GET is idempotent and should not change server state. Parameters are visible in the URL (log, browser history), so sensitive data should not be sent via GET. POST is non-idempotent, used for creating or updating resources; parameters are in the body, not logged by default. POST is not cached by default. Use HTTPS for both.
What is a DDoS attack and how can you mitigate it?
Answer: Distributed Denial of Service (DDoS) overwhelms a server with traffic. Mitigation: rate limiting, firewalls, load balancers with auto-scaling, use of CDN (Cloudflare, AWS Shield), IP blacklisting, CAPTCHAs, and deploying applications on scalable cloud infrastructure.
What are webhooks and how are they different from APIs?
Answer: Webhooks are user-defined HTTP callbacks triggered by events in a source system, sending data to a URL in real-time. APIs require the consumer to poll for updates. Webhooks are more efficient for event-driven communication but require the receiver to be publicly accessible and handle delivery retries.
What is idempotency key and how is it used in REST APIs?
Answer: An idempotency key is a unique value (often UUID) sent by the client in a request header. The server stores the key and its first response. If the same key is sent again (e.g., due to network retry), the server returns the same response without processing the request again. This prevents duplicate operations (e.g., double charging). Common in payment APIs.
What are the benefits of using API versioning and what strategies exist?
Answer: API versioning allows changes without breaking existing clients. Strategies: URL path (/v1/resource), custom header (Accept: application/vnd.myapi.v1+json), query parameter (?version=1), and content negotiation. URL path is the most common and self-documenting. Deprecation policy and sunset headers (Deprecation, Sunset) should be communicated.
What is HATEOAS and why is it important in REST?
Answer: HATEOAS (Hypermedia as the Engine of Application State) is a REST constraint where responses include links to related actions (e.g., { "links": { "self": "/orders/1", "cancel": "/orders/1/cancel" } }). This decouples clients from hardcoded URL structures, making APIs more evolvable. Rarely implemented fully in practice.
What is a stored procedure vs a function in SQL?
Answer: Procedures (stored procedures) do not return a value (though they can have output parameters) and can perform transactions, DDL, and DML. Functions return a single value or a table and can be used in queries (e.g., SELECT * FROM myFunction()). Functions cannot change database state in some databases (purity).
What is database deadlock detection and resolution?
Answer: Database deadlocks occur when two transactions each hold a lock and wait for the other’s lock. Most modern databases (PostgreSQL, MySQL InnoDB) automatically detect deadlocks using a wait-for graph and abort (rollback) one transaction, typically the one with the least cost. Application code should retry failed transactions.
Explain the use of EXPLAIN in SQL.
Answer: EXPLAIN shows the query execution plan chosen by the database optimizer: table access order, index usage, join types, and estimated costs. It helps identify missing indexes, full table scans, and inefficient joins. Analyze with ANALYZE to get actual runtimes.
What is a common table expression (CTE) and when would you use it?
Answer: A CTE is a temporary result set defined using WITH clause that can be referenced within a SELECT, INSERT, UPDATE, or DELETE. It improves readability of complex queries (recursive queries, hierarchical data) and can be referenced multiple times. Recursive CTEs are used for tree structures (e.g., org charts).
What is database partitioning and what are its types?
Answer: Partitioning splits a large table into smaller, more manageable pieces (partitions) while still being a single logical table. Types: range (date ranges), list (explicit values, e.g., region), hash (distributes evenly), and composite. Benefits: improved query performance (partition pruning), easier archiving, and parallel scans.
Explain the difference between optimistic and pessimistic locking.
Answer: Optimistic locking assumes conflicts are rare; it uses a version number or timestamp. Before updating, it checks if the version matches; if not, it aborts the transaction. Pessimistic locking acquires locks (e.g., SELECT FOR UPDATE) before modifying, preventing concurrent updates. Optimistic performs better with low contention; pessimistic ensures safety but can reduce concurrency.
What is a database view and when do you use it?
Answer: A view is a virtual table based on the result set of a SELECT query. Use to simplify complex queries, restrict access to specific columns (security), and ensure consistent logic. Materialized views store the result physically for performance but require refresh.
What is the difference between CHAR and VARCHAR?
Answer: CHAR(n) is fixed-length; it always uses n characters, padding with spaces. VARCHAR(n) is variable-length; it uses only the actual length plus 1-2 bytes for length prefix. VARCHAR is space-efficient for columns with varying lengths; CHAR may be faster for fixed-length strings (like country codes).
What are triggers in databases and what are their pros and cons?
Answer: Triggers are procedures that automatically execute in response to INSERT, UPDATE, DELETE events. Pros: enforce data integrity, auditing, denormalization, complex validation. Cons: hidden business logic (hard to debug), performance overhead, and can cause cascading triggers or deadlocks.
What is the difference between Redis and Memcached?
Answer: Both are in‑memory data stores. Redis supports data structures (strings, hashes, lists, sets, sorted sets, bitmaps, hyperloglogs), persistence (RDB snapshots, AOF), replication, Lua scripting, and pub/sub. Memcached is simpler (key‑value only), multithreaded, with no persistence, ideal for caching. Redis is more feature-rich; Memcached can be faster for simple caching.
What is a database schema migration and how do you handle it?
Answer: Schema migration refers to evolving the database schema (adding tables, columns, indexes) as the application changes. Tools (Flyway, Liquibase, Alembic, Django migrations) manage versioned migration scripts. Migrations should be reversible, backward-compatible (e.g., add not-null column with default), and deployed before application code that expects new schema.
What is the role of a message broker? Name examples.
Answer: A message broker (RabbitMQ, Apache Kafka, ActiveMQ, Amazon SQS) translates messages between sender and receiver, decoupling services. It provides: persistent storage, routing (exchanges, queues), delivery guarantees (at-least-once, exactly-once), and fault tolerance. Kafka is optimized for high-throughput event streaming; RabbitMQ for complex routing.
What is a distributed tracing system? (e.g., OpenTelemetry, Jaeger)
Answer: Distributed tracing tracks a request as it flows through multiple services (microservices). Each service adds a span with timing and metadata. Tools like Jaeger, Zipkin, or AWS X-Ray visualize the trace, helping identify latency bottlenecks and errors. OpenTelemetry provides a vendor-agnostic API.
What is a circuit breaker pattern and why is it used?
Answer: The circuit breaker pattern prevents repeated calls to a failing service, allowing it to recover. States: closed (requests flow), open (requests fail fast), half-open (test after timeout). Implemented in libraries like Hystrix, Resilience4j, or Polly. It improves system resilience and prevents cascading failures.
What is a retry with backoff strategy? Give an example.
Answer: When an operation fails, retry using increasing delays (exponential backoff) to avoid overwhelming a recovering system. Example: first retry after 100ms, second after 200ms, third after 400ms, etc., up to a maximum delay, plus jitter (random variation). Used for network calls, database connection failures.
What is the difference between a library and a framework?
Answer: A library is a collection of functions that you call from your code; you control the flow. A framework inverts control – it calls your code (Hollywood principle: “Don’t call us, we’ll call you”). Frameworks provide a skeleton for the application, requiring you to fill in specific parts.
What are environment variables and how do you manage them in production?
Answer: (Earlier) Use environment variables to store configuration separate from code. In production, manage them via orchestration tools (Kubernetes Secrets, Docker Compose env files, AWS Parameter Store, HashiCorp Vault). Never commit secrets to version control.
What is the difference between logging and monitoring?
Answer: Logging records discrete events (errors, requests, debugging) as structured or unstructured text. Monitoring aggregates metrics (CPU, memory, request rate, latency) over time, often visualized on dashboards (Prometheus, Grafana). Both are complementary for observability.
What is structured logging?
Answer: Structured logging outputs logs as machine-readable structured data (JSON, key=value pairs) instead of plain text. It allows easier querying, filtering, and aggregation. Example: in JSON, {"level":"error","message":"DB connection failed","time":"...","service":"api"}.
What is the difference between HTTP/1.1 and HTTP/2?
Answer: HTTP/2 introduces multiplexing (multiple requests/responses interleaved over one connection), header compression (HPACK), server push (send resources proactively), and binary framing (instead of text). HTTP/2 is faster and reduces latency, but requires TLS (though not mandatory). Most modern back-ends benefit from HTTP/2.
What is gRPC and what are its advantages?
Answer: gRPC is a high-performance RPC framework using Protocol Buffers and HTTP/2. Advantages: smaller payload (binary), strong typing, automatic client/server generation, streaming, bidirectional communication, and built-in load balancing (with proxies). Ideal for internal microservices.
What is a GraphQL resolver?
Answer: A resolver is a function that tells GraphQL how to fetch the data for a specific field in the schema. Resolvers can be asynchronous, call databases, REST APIs, or other services. They form a graph where each field resolves independently, potentially causing N+1 problems (solved by dataloader).
What is idempotency in event-driven systems?
Answer: In event-driven systems (e.g., Kafka), consumers may receive duplicate events due to at-least-once semantics. Idempotent processing ensures handling the same event multiple times has the same effect. Techniques: store processed event IDs in a database, use idempotent operations (e.g., setting a status to “completed” rather than incrementing a counter).
What is the difference between a FIFO queue and a standard queue?
Answer: FIFO (First-In-First-Out) queues guarantee exactly-once processing and preserve message order, but have lower throughput (e.g., Amazon SQS FIFO). Standard queues offer higher throughput and at-least-once delivery, but messages may be delivered out of order and duplicates possible.
What is the Saga pattern for distributed transactions?
Answer: The Saga pattern manages distributed transactions by breaking a transaction into a sequence of local transactions, each with a compensating action (rollback). Two implementations: choreography (services publish events, each listens to execute its local transaction) and orchestration (central coordinator tells services what to do). Used to maintain eventual consistency.
What is a load balancer sticky session?
Answer: Sticky sessions (session affinity) ensure that a client’s requests are always directed to the same back-end server, typically using a cookie or IP hash. This is needed when server-side session state is stored in memory (not shared). For stateless services, avoid sticky sessions to maintain scalability.
What is a health check endpoint?
Answer: A health check endpoint (e.g., GET /health) returns a status (200 OK or 503) indicating whether the service is ready to accept traffic. Load balancers and orchestration systems (Kubernetes) use liveness and readiness probes to automate restarts and traffic routing. Include deeper checks (database connectivity, downstream service status).
What is the difference between a task queue and a message broker?
Answer: Task queues (e.g., Celery, RQ) are specialized for distributing asynchronous work (background jobs) with worker processes, often with retries, scheduling, and result storage. Message brokers (RabbitMQ, Kafka) are more generic for decoupling services, with advanced routing, persistence, and replay capabilities. A task queue can use a message broker as its transport.
What is the difference between structured concurrency and thread-per-request?
Answer: Thread-per-request assigns a dedicated OS thread for each request, which is expensive and limits scalability. Structured concurrency (e.g., Project Loom, Kotlin coroutines) uses lightweight virtual threads that are multiplexed onto carrier threads, allowing millions of concurrent tasks without blocking. Node.js (event loop) and frameworks like Netty use reactive patterns for similar efficiency.
What are the SOLID principles?
Answer: SOLID is a set of five object-oriented design principles: Single Responsibility (a class should have one reason to change), Open/Closed (open for extension, closed for modification), Liskov Substitution (subtypes must be substitutable for base types), Interface Segregation (clients should not depend on interfaces they don’t use), Dependency Inversion (depend on abstractions, not concretions). Essential for maintainable back‑end code.
What is the difference between a design pattern and an architectural pattern?
Answer: Design patterns (e.g., Singleton, Factory, Observer) are reusable solutions to common problems within a specific context, often at the class or method level. Architectural patterns (e.g., MVC, microservices, event-driven architecture) define the high-level structure of the entire application, including component interactions.
What is dependency injection and why is it useful?
Answer: Dependency injection (DI) is a technique where an object receives its dependencies from an external source rather than creating them internally. It promotes loose coupling, testability (mocking), and flexibility. Frameworks (Spring, ASP.NET Core, Dagger) provide DI containers to manage object lifecycles.
What is the difference between unit testing and integration testing?
Answer: Unit tests verify a single component (function, class) in isolation, mocking external dependencies. Integration tests verify that multiple components (or services) work together, using real databases, APIs, or message queues. Both are essential; unit tests are fast and numerous, integration tests slower but catch wiring issues.
What is mocking and stubbing in tests?
Answer: Mocking creates fake implementation of an external dependency (e.g., database, API) to test expected interactions (method call counts, arguments). Stubbing provides canned responses for specific calls without verifying behavior. Use libraries like Mockito (Java), unittest.mock (Python), Jest (JavaScript).
What is code coverage and is 100% coverage realistic?
Answer: Code coverage measures the percentage of code lines, branches, or paths executed during tests. 100% coverage is rarely realistic or even beneficial, as it may not catch logic errors or integration issues. Aim for high coverage (80-90%) on critical paths, but focus on meaningful tests rather than chasing numbers.
What is a continuous integration/continuous deployment (CI/CD) pipeline?
Answer: CI/CD automates building, testing, and deploying software. CI (Continuous Integration) merges code changes frequently and runs automated tests. CD (Continuous Delivery/Deployment) automatically deploys passing builds to staging or production. Tools: Jenkins, GitLab CI, GitHub Actions, CircleCI.
What is the difference between a proxy and a reverse proxy?
Answer: A forward proxy sits between clients and the internet, forwarding requests on behalf of clients (e.g., for anonymity, content filtering). A reverse proxy sits between the internet and back-end servers, forwarding requests on behalf of servers (for load balancing, SSL termination, caching). Both intercept requests but act for different parties.
What is a CDN and how does it help back-end performance?
Answer: A Content Delivery Network (CDN) caches static assets (images, CSS, JS) at edge locations close to users, reducing latency and server load. For dynamic content, CDNs can cache API responses (with proper cache headers) and offload SSL termination, improving back-end performance.
What is a back-pressure mechanism?
Answer: Back-pressure is a system’s ability to slow down or reject incoming requests when it is overloaded, preventing resource exhaustion. Examples: bounded queues that block producers, circuit breakers, rate limiting, or using reactive streams with non-blocking back-pressure (e.g., Akka, RxJava, RSocket).
What is the difference between a private and a public cloud?
Answer: Private cloud is dedicated to a single organization, hosted on-premises or by a third party, offering more control and security. Public cloud (AWS, Azure, GCP) offers shared infrastructure with pay-as-you-go pricing, massive scalability, and managed services. Hybrid cloud combines both.
What are the advantages of using Infrastructure as Code (IaC)?
Answer: IaC (Terraform, CloudFormation, Pulumi) manages infrastructure (servers, databases, networks) using declarative configuration files. Benefits: version control, reproducibility, automation, reduced human error, and easy rollbacks. It enables DevOps practices and immutable infrastructure.
What is the difference between a stateful and stateless application?
Answer: A stateless application does not store any client-specific data on the server between requests; any server instance can handle any request. It scales horizontally easily. A stateful application stores session state (e.g., shopping carts) on the server, requiring sticky sessions or external shared state (Redis, database).
How would you debug a memory leak in a Node.js application?
Answer: Use node --inspect and Chrome DevTools memory tab, take heap snapshots before and after suspected leak, compare to find retained objects. Use tools like node-memwatch, clinic.js, or npm packages like heapdump. Look for global variables, closures holding large data, unresolved event listeners, and caches without eviction.
What is a secondary index in a NoSQL database (e.g., DynamoDB)?
Answer: A secondary index allows querying on attributes other than the primary key. Global secondary indexes (GSI) can have a different partition and sort key, are eventually consistent. Local secondary indexes (LSI) share the same partition key but different sort key. They enable flexible query patterns but add write overhead and storage costs.
What are the trade-offs between consistency and availability in distributed databases?
Answer: According to the CAP theorem, during a network partition, you must choose between consistency (all nodes see the same data) or availability (every request gets a response). Many distributed databases favor availability with eventual consistency (Cassandra, DynamoDB) for high write throughput. Others (HBase, Spanner) choose consistency with reduced availability during partitions.
What is the difference between a database dump and a binary backup?
Answer: A database dump is a logical backup containing SQL statements to recreate the database. It is portable but slower to restore. A binary backup (physical) copies the database’s raw files; it is faster to restore and can be point-in-time recoverable, but it may be server-specific. Use logical for schema-only or cross-platform, physical for large production databases.
How would you design a URL shortener (like bit.ly) back end?
Answer: Use a REST API with a POST endpoint to accept long URLs and return a short code. Store mappings in a database with an auto-incrementing ID (or use base-62 encoding of sequential ID). Generate short code via base-62 (0-9, A-Z, a-z) of the ID to keep URLs short. Handle GET request for the short code; redirect to the original URL. Add caching (Redis), analytics (click counts, referer), and expiration policies. Consider using a globally unique ID generator (Snowflake) for distributed systems.
What is your preferred back-end technology stack and why?
Answer: I am comfortable with multiple stacks. For high-performance real-time applications, I prefer Node.js/Express with TypeScript and PostgreSQL for strong data integrity. For data-heavy or machine learning integration, Python (FastAPI/Django) with Celery for background tasks. For enterprise, Java Spring Boot or Go. I choose based on team expertise, project requirements, and ecosystem.
Why should we hire you as a back-end developer?
Answer: I have deep understanding of system design, databases, API development, and troubleshooting. I write clean, testable, performant code. I prioritize reliability, security, and observability. I collaborate well with front-end and DevOps teams, and I’m constantly learning to apply best practices. I deliver features that scale and survive real-world traffic.