Backend Interview Prep Flashcards
What Is CAP Theorem?
The CAP Theorem for distributed computing was published by Eric Brewer. This states that it is not possible for a distributed computer system to simultaneously provide all three of the following guarantees:
Consistency (all nodes see the same data at the same time, even with concurrent updates)
Availability (a guarantee that every request receives a response about whether it was successful or failed)
Partition tolerance (the system continues to operate despite arbitrary message loss or failure of part of the system)
The CAP acronym corresponds to these three guarantees. This theorem has created the base for modern distributed computing approaches. The world’s highest-traffic companies (e.g. Amazon, Google, Facebook) use this as a basis for deciding their application architecture. It’s important to understand that only two of these three conditions can be guaranteed to be met by a system.
What does REST stand for?
REST stands for REpresentational State Transfer. REST is a web-standards-based architecture that uses the HTTP protocol for data communication. It revolves around resources: every component is a resource, and a resource is accessed through a common interface using standard HTTP methods. REST was first introduced by Roy Fielding in 2000.
In REST architecture, a REST server simply provides access to resources, and a REST client accesses and presents the resources. Each resource is identified by a URI / global ID. REST uses various representations to represent a resource, such as text, JSON and XML. Nowadays JSON is the most popular format used in web services.
What are NoSQL databases? What are the different types of NoSQL databases?
A NoSQL database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases (like SQL, Oracle, etc.).
Types of NoSQL databases:
Document Oriented
Key Value
Graph
Column Oriented
What do you understand by NoSQL databases? Explain.
At the present time, the internet is loaded with big data, big users, big complexity etc., and it is becoming more complex day by day. NoSQL is the answer to all these problems. It is not a traditional database management system, not even a relational database management system (RDBMS). NoSQL stands for “Not Only SQL”. NoSQL is a type of database that can handle and sort all types of unstructured, messy and complicated data. It is just a new way to think about the database.
What is SQL injection?
Injection attacks stem from a lack of strict separation between program instructions (i.e., code) and user-provided (or external) input. This allows an attacker to inject malicious code into a data snippet.
SQL injection is one of the most common types of injection attack. To carry it out, an attacker provides malicious SQL statements through the application.
How to prevent:
Prepared statements with parameterized queries
Stored procedures
Input validation - blacklist validation and whitelist validation
Principle of least privilege - Application accounts shouldn’t be assigned DBA or admin-type access on the database server. This ensures that if an application is compromised, an attacker won’t have the rights to the database through the compromised application.
What is meant by Continuous Integration?
Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.
Compare SQL databases and MongoDB at a high level
SQL databases store data in the form of tables, rows, columns and records. This data is stored in a pre-defined data model, which is not very flexible for today’s rapidly growing real-world applications. MongoDB, in contrast, uses a flexible structure which can be easily modified and extended.
Difference between acceptance test and functional test?
Functional testing: This is a verification activity; did we build a correctly working product? Does the software meet the business requirements? A functional test verifies that the product actually works as you (the developer) think it does.
Acceptance testing: This is a validation activity; did we build the right thing? Is this what the customer really needs? Acceptance tests verify the product actually solves the problem it was made to solve. This can best be done by the user (customer), for instance performing his/her tasks that the software assists with.
Explain the architectural style for creating a web API.
The architectural style for creating a web API consists of:
HTTP for client server communication
XML/JSON as formatting language
Simple URI as the address for the services
Stateless communication
How to mitigate the SQL Injection risks?
Prepared Statements with Parameterized Queries: Always ensure that your SQL interpreter is able to differentiate between code and data. Never use dynamic queries, which fail to distinguish between code and data. Instead, use a static SQL query and then pass in the external input as a parameter to the query. Using Prepared Statements (with Parameterized Queries) forces the developer to first define all the SQL code, and then pass in each parameter to the query later.
Use of Stored Procedures: A stored procedure is like a function in C that the database administrator calls whenever he/she needs it. It does not completely mitigate SQL injection, but it definitely helps reduce the risk of SQL injection by avoiding dynamic SQL generation inside it.
White List Input Validation: Always use whitelist input validation and allow only input preapproved by the developer. Never use the blacklist approach, as it is less secure than the whitelist approach.
Escaping All User Supplied Input
Enforcing Least Privilege
Name some performance testing steps
Identify the testing environment
Identify performance metrics
Plan and design performance tests
Configure the test environment
Implement your test design
Execute tests
Analyze, report, retest
What are the advantages of Web Services?
Interoperability: Web services are accessible over the network, run on the HTTP/SOAP protocol and use XML/JSON to transport data, hence they can be developed in any programming language. A web service can be written in Java and the client can be written in PHP, and vice versa.
Reusability: One web service can be used by many client applications at the same time.
Loose Coupling: Web service client code is totally independent of server code, so we achieve loose coupling in our application.
Easy to deploy and integrate, just like web applications.
Multiple service versions can be running at the same time.
What does Containerization mean?
Containerization is a type of virtualization strategy that emerged as an alternative to traditional hypervisor-based virtualization.
In containerization, the operating system is shared by the different containers rather than cloned for each virtual machine. For example, Docker provides a container virtualization platform that serves as a good alternative to hypervisor-based arrangements.
What is the difference between WHERE clause and HAVING clause?
The WHERE clause can only be applied to a static, non-aggregated column.
HAVING must be used for aggregated columns.
Why Would You Opt For Microservices Architecture?
Microservices can adapt easily to other frameworks or technologies.
Failure of a single process does not affect the entire system.
Provides support to big enterprises as well as small teams.
Can be deployed independently and in relatively less time.
Name some Performance Testing best practices
Test as early as possible in development.
Conduct multiple performance tests to ensure consistent findings and determine metrics averages.
Test the individual software units separately as well as together
Baseline measurements provide a starting point for determining success or failure
Performance tests are best conducted in test environments that are as close to the production systems as possible
Isolate the performance test environment from the environment used for quality assurance testing
Keep the test environment as consistent as possible
Calculating averages will deliver actionable metrics. There is value in tracking outliers also. Those extreme measurements could reveal possible failures.
What Do You Mean By High Availability (HA)?
Availability means the ability of the application user to access the system. If a user cannot access the application, it is assumed to be unavailable. High Availability means the application will be available without interruption. Using redundant server nodes with clustering is a common way to achieve a higher level of availability in web applications.
Availability is commonly expressed as a percentage of uptime in a given year.
What Is ACID Property Of A System?
Atomicity - This property guarantees that if one part of the transaction fails, the entire transaction will fail, and the database state will be left unchanged.
Consistency - This property ensures that any transaction will bring the database from one valid state to another.
Isolation - This property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially.
Durability - This property means that once a transaction has been committed, it will remain so, even in the event of power loss.
What Is Sticky Session Load Balancing? What Do You Mean By “Session Affinity”?
Sticky session or a session affinity technique is another popular load balancing technique that requires a user session to be always served by an allocated machine.
In a load-balanced server application where user information is stored in the session, the session data would have to be kept available to all machines. This can be avoided by always serving a particular user session’s requests from one machine. The machine is associated with a session as soon as the session is created. All the requests in a particular session are always redirected to the associated machine. This ensures the user data is on only one machine and the load is also shared.
This is typically done by using a SessionId cookie. The cookie is sent to the client on the first request, and every subsequent request from the client must contain that same cookie to identify the session.
What Are The Issues With Sticky Session?
There are a few issues that you may face with this approach:
The client browser may not support cookies, and your load balancer will not be able to identify whether a request belongs to a session. This may cause strange behavior for users whose browsers do not support cookies.
If one of the machines fails or goes down, the user information (served by that machine) will be lost and there will be no way to recover the user session.
What are disadvantages of REST web services?
Since there is no contract defined between service and client, it has to be communicated through other means such as documentation or emails.
Since it works on HTTP, there can’t be asynchronous calls.
Sessions can’t be maintained.
What are the DRY and DIE principles?
In software engineering, Don’t Repeat Yourself (DRY) or Duplication is Evil (DIE) is a principle of software development.
What is the difference between a clustered and a non-clustered index?
A clustered index is a special type of index that reorders the way records in the table are physically stored. Therefore a table can have only one clustered index. The leaf nodes of a clustered index contain the data pages.
A non-clustered index is a special type of index in which the logical order of the index does not match the physical stored order of the rows on disk. The leaf nodes of a non-clustered index do not consist of the data pages. Instead, the leaf nodes contain index rows.
What are the differences between continuous integration, continuous delivery, and continuous deployment?
Developers practicing continuous integration merge their changes back to the main branch as often as possible. By doing so, you avoid the integration hell that usually happens when people wait for release day to merge their changes into the release branch.
Continuous delivery is an extension of continuous integration to make sure that you can release new changes to your customers quickly in a sustainable way. This means that on top of having automated your testing, you also have automated your release process and you can deploy your application at any point of time by clicking on a button.
Continuous deployment goes one step further than continuous delivery. With this practice, every change that passes all stages of your production pipeline is released to your customers. There’s no human intervention, and only a failed test will prevent a new change from being deployed to production.
What is the difference between JOIN and UNION?
SQL JOIN allows us to “look up” records in another table based on the given conditions between two tables.
The UNION operation allows us to add 2 similar data sets to create a resulting data set that contains all the data from the source data sets. UNION does not require any condition for joining.