Backend Interview Prep Flashcards

1
Q

What Is CAP Theorem?

A

The CAP Theorem for distributed computing was published by Eric Brewer. It states that it is not possible for a distributed computer system to simultaneously provide all three of the following guarantees:

Consistency (all nodes see the same data at the same time, even with concurrent updates)
Availability (a guarantee that every request receives a response about whether it was successful or failed)
Partition tolerance (the system continues to operate despite arbitrary message loss or failure of part of the system)

The CAP acronym corresponds to these three guarantees. This theorem has created the base for modern distributed computing approaches. The world’s highest-traffic companies (e.g. Amazon, Google, Facebook) use it as a basis for deciding their application architecture. It’s important to understand that only two of these three conditions can be guaranteed to be met by a system.

2
Q

What does REST stand for?

A

REST stands for REpresentational State Transfer. REST is a web-standards-based architecture that uses the HTTP protocol for data communication. It revolves around resources: every component is a resource, and a resource is accessed through a common interface using standard HTTP methods. REST was first introduced by Roy Fielding in 2000.

In REST architecture, a REST server simply provides access to resources, and a REST client accesses and presents the resources. Each resource is identified by URIs/global IDs. REST uses various representations to represent a resource, like text, JSON and XML. Nowadays JSON is the most popular format used in web services.

3
Q

What are NoSQL databases? What are the different types of NoSQL databases?

A

A NoSQL database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases (like SQL, Oracle, etc.).

Types of NoSQL databases:

Document Oriented
Key Value
Graph
Column Oriented

4
Q

What do you understand by NoSQL databases? Explain.

A

At the present time, the internet is loaded with big data, big users, big complexity etc., and it is becoming more complex day by day. NoSQL is the answer to all these problems. It is not a traditional database management system, not even a relational database management system (RDBMS). NoSQL stands for “Not Only SQL”. NoSQL is a type of database that can handle and sort all types of unstructured, messy and complicated data. It is just a new way to think about the database.

5
Q

What is SQL injection?

A

Injection attacks stem from a lack of strict separation between program instructions (i.e., code) and user-provided (or external) input. This allows an attacker to inject malicious code into a data snippet.

SQL injection is one of the most common types of injection attack. To carry it out, an attacker provides malicious SQL statements through the application.

How to prevent:

Prepared statements with parameterized queries
Stored procedures
Input validation - blacklist validation and whitelist validation
Principle of least privilege - Application accounts shouldn’t be assigned DBA or admin-type access on the database server. This ensures that if an application is compromised, an attacker won’t have those rights to the database through the compromised application.

6
Q

What is meant by Continuous Integration?

A

Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.

7
Q

Compare SQL databases and MongoDB at a high level

A

SQL databases store data in the form of tables, rows, columns and records. This data is stored in a pre-defined data model which is not very flexible for today’s rapidly growing real-world applications. MongoDB, in contrast, uses a flexible structure which can be easily modified and extended.

8
Q

What is the difference between an acceptance test and a functional test?

A

Functional testing: This is a verification activity; did we build a correctly working product? Does the software meet the business requirements? A functional test verifies that the product actually works as you (the developer) think it does.

Acceptance testing: This is a validation activity; did we build the right thing? Is this what the customer really needs? Acceptance tests verify the product actually solves the problem it was made to solve. This can best be done by the user (customer), for instance performing his/her tasks that the software assists with.

9
Q

Explain the architectural style for creating a web API.

A

The architectural style for creating a web API consists of:

HTTP for client server communication
XML/JSON as formatting language
Simple URI as the address for the services
Stateless communication

10
Q

How to mitigate the SQL Injection risks?

A

Prepared Statements with Parameterized Queries: Always ensure that your SQL interpreter is able to differentiate between code and data. Never use dynamic queries, which fail to distinguish code from data. Instead, use a static SQL query and then pass in the external input as a parameter to the query. Prepared statements (with parameterized queries) force the developer to first define all the SQL code, and then pass in each parameter to the query later.

Use of Stored Procedures: A stored procedure is like a function in C that the database administrator calls whenever he/she needs it. It does not completely mitigate SQL injection, but it definitely helps reduce the risk of SQL injection by avoiding dynamic SQL generation inside.

White List Input Validation: Always use whitelist input validation and allow only input preapproved by the developer. Never use the blacklist approach, as it is less secure than the whitelist approach.

Escaping All User Supplied Input
Enforcing Least Privilege

11
Q

Name some performance testing steps

A

Identify the testing environment
Identify performance metrics
Plan and design performance tests
Configure the test environment
Implement your test design
Execute tests
Analyze, report, retest
12
Q

What are the advantages of Web Services?

A

Interoperability: Web services are accessible over the network, run on the HTTP/SOAP protocol and use XML/JSON to transport data, hence they can be developed in any programming language. A web service can be written in Java and the client can be written in PHP, and vice versa.

Reusability: One web service can be used by many client applications at the same time.

Loose Coupling: Web service client code is totally independent of the server code, so we achieve loose coupling in our application.

Easy to deploy and integrate, just like web applications.
Multiple service versions can be running at the same time.

13
Q

What does Containerization mean?

A

Containerization is a type of virtualization strategy that emerged as an alternative to traditional hypervisor-based virtualization.

In containerization, the operating system is shared by the different containers rather than cloned for each virtual machine. For example, Docker provides a container virtualization platform that serves as a good alternative to hypervisor-based arrangements.

14
Q

What is the difference between WHERE clause and HAVING clause?

A

The WHERE clause can only be applied to a static, non-aggregated column.
We need to use HAVING for aggregated columns.

15
Q

Why Would You Opt For Microservices Architecture?

A

Microservices can adapt easily to other frameworks or technologies.
Failure of a single process does not affect the entire system.
Provides support to big enterprises as well as small teams.
Can be deployed independently and in relatively less time.

16
Q

Name some Performance Testing best practices

A

Test as early as possible in development.
Conduct multiple performance tests to ensure consistent findings and determine metric averages.
Test the individual software units separately as well as together.
Baseline measurements provide a starting point for determining success or failure.
Performance tests are best conducted in test environments that are as close to the production systems as possible.
Isolate the performance test environment from the environment used for quality assurance testing.
Keep the test environment as consistent as possible.
Calculating averages will deliver actionable metrics. There is value in tracking outliers also. Those extreme measurements could reveal possible failures.

17
Q

What Do You Mean By High Availability (HA)?

A

Availability means the ability of the application user to access the system. If a user cannot access the application, it is assumed to be unavailable. High Availability means the application will be available, without interruption. Using redundant server nodes with clustering is a common way to achieve a higher level of availability in web applications.

Availability is commonly expressed as a percentage of uptime in a given year.

18
Q

What Is ACID Property Of A System?

A

Atomicity - This property guarantees that if one part of the transaction fails, the entire transaction will fail, and the database state will be left unchanged.
Consistency - This property ensures that any transaction will bring the database from one valid state to another.
Isolation - This property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially.
Durability - This property means that once a transaction has been committed, it will remain so, even in the event of power loss.

19
Q

What Is Sticky Session Load Balancing? What Do You Mean By “Session Affinity”?

A

Sticky session, or session affinity, is another popular load balancing technique that requires a user session to always be served by an allocated machine.

In a load-balanced server application where user information is stored in the session, the session data would have to be kept available to all machines. This can be avoided by always serving a particular user session’s requests from one machine. The machine is associated with a session as soon as the session is created. All the requests in a particular session are always redirected to the associated machine. This ensures the user data is only on one machine, and load is also shared.

This is typically done by using a SessionId cookie. The cookie is sent to the client for the first request, and every subsequent request by the client must contain that same cookie to identify the session.

What Are The Issues With Sticky Session?

There are a few issues that you may face with this approach:

The client browser may not support cookies, and your load balancer will not be able to identify whether a request belongs to a session. This may cause strange behavior for users whose browsers do not support cookies.
In case one of the machines fails or goes down, the user information (served by that machine) will be lost and there will be no way to recover the user session.

20
Q

What are disadvantages of REST web services?

A

Since there is no contract defined between service and client, it has to be communicated through other means such as documentation or emails.
Since it works on HTTP, there can’t be asynchronous calls.
Sessions can’t be maintained.

21
Q

What are the DRY and DIE principles?

A

In software engineering, Don’t Repeat Yourself (DRY) or Duplication is Evil (DIE) is a principle of software development.

22
Q

What is the difference between a clustered and a non-clustered index?

A

A clustered index is a special type of index that reorders the way records in the table are physically stored. Therefore a table can have only one clustered index. The leaf nodes of a clustered index contain the data pages.
A non clustered index is a special type of index in which the logical order of the index does not match the physical stored order of the rows on disk. The leaf node of a non clustered index does not consist of the data pages. Instead, the leaf nodes contain index rows.

23
Q

What are the differences between continuous integration, continuous delivery, and continuous deployment?

A

Developers practicing continuous integration merge their changes back to the main branch as often as possible. By doing so, you avoid the integration hell that usually happens when people wait for release day to merge their changes into the release branch.

Continuous delivery is an extension of continuous integration to make sure that you can release new changes to your customers quickly in a sustainable way. This means that on top of having automated your testing, you also have automated your release process and you can deploy your application at any point of time by clicking on a button.

Continuous deployment goes one step further than continuous delivery. With this practice, every change that passes all stages of your production pipeline is released to your customers. There’s no human intervention, and only a failed test will prevent a new change from being deployed to production.

24
Q

What is the difference between JOIN and UNION?

A

SQL JOIN allows us to “look up” records in another table based on the given conditions between two tables.
The UNION operation allows us to add two similar data sets together to create a resulting data set that contains all the data from the source data sets. UNION does not require any condition for joining.

25
Q

What is the difference between Monolithic, SOA and Microservices Architecture?

A

Monolithic Architecture is similar to a big container wherein all the software components of an application are assembled together and tightly packaged.
A Service-Oriented Architecture is a collection of services which communicate with each other. The communication can involve either simple data passing or it could involve two or more services coordinating some activity.
Microservice Architecture is an architectural style that structures an application as a collection of small autonomous services, modeled around a business domain.

26
Q

Explain what the API Gateway pattern is

A

An API Gateway is a server that is the single entry point into the system. It is similar to the Facade pattern from object‑oriented design. The API Gateway encapsulates the internal system architecture and provides an API that is tailored to each client. It might have other responsibilities such as authentication, monitoring, load balancing, caching, request shaping and management, and static response handling.

A major benefit of using an API Gateway is that it encapsulates the internal structure of the application. Rather than having to invoke specific services, clients simply talk to the gateway.

27
Q

How does a B-tree index work?

A

B-trees are the most popular data structure for indexes because they are time efficient: look-ups, deletions, and insertions can all be done in logarithmic time. Another major reason B-trees are more commonly used is that the data stored inside the B-tree can be sorted. The RDBMS typically determines which data structure is actually used for an index. But, in some scenarios with certain RDBMSs, you can actually specify which data structure you want your database to use when you create the index itself.

28
Q

What Is BASE Property Of A System?

A

BASE properties are the common properties of recently evolved NoSQL databases. According to the CAP theorem, a BASE system does not guarantee consistency. BASE is a contrived acronym that maps to the following properties of a system in terms of the CAP theorem:

Basically available indicates that the system is guaranteed to be available.
Soft state indicates that the state of the system may change over time, even without input. This is mainly due to the eventually consistent model.
Eventual consistency indicates that the system will become consistent over time, given that the system doesn’t receive input during that time.

29
Q

What do you understand by Distributed Transaction?

A

Distributed Transaction is any situation where a single event results in the mutation of two or more separate sources of data which cannot be committed atomically. In the world of microservices, it becomes even more complex as each service is a unit of work and most of the time multiple services have to work together to make a business successful.

30
Q

What is GOD class and why should we avoid it?

A

The most effective way to break applications is to create GOD classes. These are classes that keep track of a lot of information and have several responsibilities. One code change will most likely affect other parts of the class and therefore, indirectly, all other classes that use it. That in turn leads to an even bigger maintenance mess, since no one dares to make any changes other than adding new functionality to it.

31
Q

What is Spike Testing?

A

Spike testing is a type of stress testing that evaluates software performance when workloads are substantially increased quickly and repeatedly. The workload is beyond normal expectations for short amounts of time.

32
Q

What’s the difference between faking, mocking, and stubbing?

A

Fake objects actually have working implementations, but usually take some shortcut which makes them not suitable for production.

Stubs provide canned answers to calls made during the test, usually not responding at all to anything outside what’s programmed in for the test. Stubs may also record information about calls, such as an email gateway stub that remembers the messages it ‘sent’, or maybe only how many messages it ‘sent’.

Mocks are what we are talking about here: objects pre-programmed with expectations which form a specification of the calls they are expected to receive.

33
Q

When to use Redis or MongoDB?

A

Use MongoDB if you don’t know yet how you’re going to query your data or what schema to stick with. MongoDB is suited for Hackathons, startups or every time you don’t know how you’ll query the data you inserted. MongoDB does not make any assumptions on your underlying schema. While MongoDB is schemaless and non-relational, this does not mean that there is no schema at all. It simply means that your schema needs to be defined in your app (e.g. using Mongoose). Besides that, MongoDB is great for prototyping or trying things out. Its performance is not that great and can’t be compared to Redis.

Use Redis in order to speed up your existing application. It is very uncommon to use Redis as a standalone database system (some people prefer referring to it as a “key-value”-store).