Interview Questions

Question 1

Walk us through the database schema of your itinerary app.

Answer 1

I have users, itineraries, and comments as main databases inside MongoDB. Itineraries also make reference to users, and comments. I found linking these tables were quite difficult at first due to my lack of knowledge and I’m still not completely sure how everything works under the hood but I hope to be able to dig deeper into this and become an expert.

Question 2

How do you handle authentication in your app?

Answer 2

I use JSON web tokens to store them in HttpOnly cookies for security. I then verify tokens on protected routes. I prefer using cookies over localStorage as cookies reduce XSS risk as they can’t be accessed via Javascript.

Question 3

How do you structure your backend folders in Express?

Answer 3

I separate routes, controllers, services, and models. Middleware is isolated too. It keeps logic clean and testable.

Follow-up: What would you change if it got huge?
A: I’d modularize by feature (e.g., /user, /itinerary) and maybe shift to a monorepo or microservice-style setup.

Question 4

What’s the most complex feature you’ve built in this app?

Answer 4

Combining itineraries across users with merge conflict resolution. Each task has metadata, and edits are tracked.

Follow-up: How do you detect conflicts?
A: I compare timestamps and task IDs during merge, and notify users if fields like location/time overlap.

Question 5

How do you handle form validation?

Answer 5

I use react-hook-form for speed and control, paired with Zod for schema validation.

Follow-up: Why not Formik?
A: Formik’s great, but react-hook-form has better performance, especially with complex dynamic forms.

Question 6

How do you design responsive layouts?

Answer 6

I use TailwindCSS and mobile-first design. Flex and grid layouts make it easy to adapt to different screen sizes.

Follow-up: What’s your approach for cross-browser testing?
A: I use Chrome DevTools, Firefox, and BrowserStack to spot layout bugs. I also run Lighthouse audits.

Question 7

How do you manage side effects in React?

Answer 7

I use useEffect with care, keeping dependencies tight. For async calls, I isolate them in services and handle cleanup.

Follow-up: What mistake did you learn from here?
A: Leaving stale closures in useEffect caused bugs. Now I memoize handlers and avoid nested async logic inside the hook itself.

Question 8

What’s your favorite clever frontend trick in the app?

Answer 8

Dynamic estimated cost calculator (calculated with tags e.g. museum, dinner (with levels)) that updates based on task data and compares to user’s budget in real time. With those tags you can also filter out and search through your itinerary for a specific activity that stays all throughout the itinerary.

Follow-up: How’s that implemented under the hood?
A: I debounce the input, pull relevant data, and compute totals in a reducer function. It’s responsive without over-rendering.

Question 9

How do you integrate with external APIs like Google Maps or weather data?

Answer 9

I use Axios in a Node middleware to call APIs securely, store results with TTL caching in MongoDB, and serve to frontend.

Follow-up: Why not call APIs directly from the frontend?
A: To avoid exposing API keys and stay within rate limits by caching and batching requests server-side.

Question 10

How would you monitor and log issues in production?

Answer 10

I could use tools like Sentry for the front-end and Winston Logger for the back end. I have never had ot log issues on production for high-traffic deployments.

I use SPL alerts for logging issues on Splunk.

Question 11

What’s the most challenging API you’ve worked with?

Answer 11

Google Maps — managing rate limits, billing quotas, and handling different data formats for directions and geocoding.

Follow-up: How did you optimize usage?
A: I throttle requests, cache results with coordinates, and provide fallback when usage nears the limit.

Question 12

How would you add offline support to your app?

Answer 12

I’d use service workers via Workbox to cache static assets and some API responses. IndexedDB for local drafts.

Follow-up: What data would you cache?
A: User itineraries, profile data, and static map tiles — anything needed to view or edit without full functionality.

Question 13

What’s something recent you learned that changed how you build?

Answer 13

TailwindCSS - Spent too much time figuring out CSS for basic things. Took time away from actual work. Spent a weekend figuring out the basics and went from there.

Question 14

How do you decide when to use a library vs building something yourself?

Answer 14

I weigh complexity, long-term maintenance, and how common the problem is. If it’s solved well already, I don’t reinvent.

Follow-up: Give an example of a “build it” moment.
A: I built my own PDF export rather than paying for a third-party service, since Puppeteer gave me more control.

Question 15

How do you balance adding features vs refactoring?

Answer 15

I aim for 80/20 — small, continuous refactors during feature work, bigger ones between sprints.

Follow-up: How do you know when it’s time?
A: When logic repeats or new bugs stem from complexity — I use that as a signal to simplify.

Question 16

How do you stay current with new tools or trends?

Answer 16

Twitter dev circles, YouTube channels like Fireship and Theo, and experimenting in side projects.

Follow-up: What trend are you currently exploring?
A: Server components in React — testing how to simplify backend/frontend coupling.

Question 17

What’s a project you admire technically and why?

Answer 17

Google. If you tried to pitch Google today, even knowing it’s possible and has been done for over 20 years, you’d still get crazy looks.

Question 18

How would you build a collaborative editing system?

Answer 18

I’d use WebSockets or WebRTC for live updates, a shared locking model to prevent conflicts, and optimistic UI rendering.

Follow-up: What’s a challenge with optimistic updates?
A: Rollback logic. If the server rejects a change, I need to revert the UI state and notify the user — tricky timing-wise.

Question 19

What’s your testing strategy like for your app?

Answer 19

Constant testing on client side (live in-app), and always trying to break the database on server side.

Question 20

How do you handle environment-specific config?

Answer 20

I use dotenv for local/dev, and host-managed env vars for staging/prod. Each build pulls the right set automatically.

Follow-up: What’s tricky about that?
A: Syncing keys across environments and preventing dev secrets from leaking into git. I now automate that setup with scripts.

Question 21

If an API you depend on goes down, how does your app respond?

Answer 21

I show fallback data or “unavailable” states with skeleton loaders. The backend caches stale responses for some time.

Follow-up: How would you simulate that in dev?
A: I use mock servers or intercept requests in the frontend with tools like MSW (Mock Service Worker).

Question 22

What’s one area of your project you’d rebuild entirely today?

Answer 22

The comment system. Right now it’s flat and basic — I’d redesign it to support threads, live updates, and moderation.

Follow-up: What’s holding you back?
A: Just time. It works, but rebuilding would mean updating schemas, relationships, and UI. On the roadmap though.

Question 23

You mentioned SPL and Splunk, which are specific to your current role. How do you feel about translating that knowledge into a more traditional web development context, particularly around full-stack development?

Answer 23

While SPL and Splunk are specialized tools for security data, I think the principles of data manipulation and optimization translate well into traditional web development. In my spare time, I’ve been working on a travel planning app built with the MERN stack (MongoDB, Express.js, React, and Node.js), and this project has allowed me to develop my skills in full-stack development.

For example, one feature I’m building is the ability to set a location and a number of days for a trip, then add specific tasks throughout the day. This requires handling user inputs, storing that data, and rendering it dynamically on the front end. I used React to manage state and display the itinerary, MongoDB to store the data, and Express/Node.js to build the API layer for managing user interactions with the itinerary.

A challenge I faced was handling travel time calculations. Users can set multiple destinations, and I needed to ensure that the app can calculate travel time between locations. I initially considered building an in-house solution for calculating travel time based on distance, but I ended up integrating Google Maps API for better accuracy and ease of use. This was a good exercise in how third-party services can streamline development and offer powerful features without reinventing the wheel.

Question 24

Speaking of third-party services, one of the features you mentioned for your travel app was integrating a weather API. How would you go about ensuring that integration is both scalable and secure, especially in a production environment?

Answer 24

For integrating the weather API in my app, I would make sure to follow some best practices around scalability and security. First, on the scalability side, I would use environment variables to store API keys securely rather than hardcoding them into the codebase. This helps with flexibility and allows me to change the key or switch between different environments (development, staging, production) without having to modify the code itself.

For scalability, I’d implement caching for weather data. Since weather information doesn’t change drastically every few minutes, I could cache the data in a Redis store and refresh it periodically—let’s say every 30 minutes. This reduces the number of requests to the weather API, which helps avoid hitting rate limits and reduces latency for users.

Security-wise, I’d ensure that all API calls are made over HTTPS to encrypt the data in transit. I’d also make sure the backend validates all API responses before sending them to the front end, in case the API provides any unexpected data. Additionally, I would rate-limit requests to avoid abuse and prevent denial-of-service attacks.

Question 25

You also mentioned allowing users to rate itineraries in your app. How would you approach managing this feature, particularly from a backend perspective in terms of data storage and performance?

Answer 25

For the rating feature, I would store the ratings in MongoDB, with each itinerary document containing an array of user ratings. Each rating would include the user ID, the score, and possibly a comment. To avoid performance issues when querying for high-traffic itineraries, I’d use a combination of a subdocument schema for ratings and indexes on frequently queried fields like itinerary ID and user ID. Additionally, I would calculate the average rating server-side to avoid overloading the client with too much computation. This would be updated in real time whenever a new rating is submitted. To ensure data integrity, I would implement a validation layer using Mongoose, to make sure that only valid data is inserted into the database. If the app scales up and the number of ratings per itinerary grows, I could consider splitting the ratings data into a separate collection and using a reference to the itinerary. This would keep individual itinerary documents lighter and more performant. Of course, I’d use MongoDB’s aggregation pipeline to quickly calculate average ratings without having to retrieve all the ratings each time.

Question 26

You mentioned the app would allow for social features, like users posting travel updates or following hashtags. How would you manage real-time interactions, such as users following each other or interacting with posts?

Answer 26

For real-time interactions, I would definitely leverage WebSockets or a real-time service like Socket.io. Using Socket.io with Node.js, I could easily set up a connection between the client and server to handle things like live updates to travel posts or instant notifications when someone comments or likes a post. For following users and hashtags, I would store this data in MongoDB, where each user’s document would have a list of followed users or hashtags. For performance, I would use a reference-based model, where each follow relationship is stored in a separate collection. When a user posts an update, the server can quickly notify all followers via WebSockets, without having to refresh the entire page. To handle a large number of real-time users, I could consider using a message broker like Redis Pub/Sub for distributing messages across multiple instances of the application. This would allow me to scale the real-time feature while keeping it efficient.

Question 27

Lastly, can you tell us about any particularly clever or elegant solution you've implemented in your side project or current role that you’re proud of?

Answer 27

One feature I’m particularly proud of is the integration of travel time estimation between locations. Initially, I was going to calculate travel time manually based on distance, but I realized that using the Google Maps API for this would not only save time but also improve accuracy. What I found elegant was how I was able to abstract away the complex logic of calculating travel time into a simple API call, which allowed me to focus more on the user experience and app performance. The clever part was also how I used the toggling feature to allow users to choose whether they wanted to calculate travel time from their previous destination or set a fixed starting point. This gave users more flexibility without complicating the app’s design. In my role at the cybersecurity company, I’m particularly proud of an optimization I implemented for real-time dashboards. Initially, the dashboards were slow due to the volume of data, but I was able to optimize the backend queries by pre-aggregating data and using a caching layer. This reduced load times dramatically and allowed the security analysts to interact with the data in real time, which is crucial for identifying security threats quickly.

Question 28

Tell us about a project you’ve worked on recently and walk us through the codebase. How did you approach the architecture, and what were some of the key decisions you made along the way?

Answer 28

One of the most recent projects I worked on is a travel planning app using the MERN stack (MongoDB, Express, React, Node.js). This app allows users to plan trips, create itineraries, and share them with others. The key architectural decisions revolved around how to structure the database and how to manage user interactions. For example, I used MongoDB to store itineraries, which allows for flexibility in terms of scalability and handling user-generated content. I used Express to build the back-end API, allowing users to create, update, and delete itineraries, while React handles the front-end with real-time updates. One of the critical features was integrating social media functionality, so I had to carefully plan out the authentication system. I used JWT for secure, token-based authentication to keep things lightweight, while ensuring users had a smooth experience when logging in through different platforms.

Question 29

You mentioned that you are working on a travel app. What was one of the technical challenges you faced when building it, and how did you go about solving it?

Answer 29

One of the main challenges I faced was implementing the travel time feature, which allows users to add travel times between different locations and estimate costs. Initially, I tried to implement this feature manually by calculating the distance between two locations and using static time estimates. However, this didn’t scale well as users added more destinations. To solve this, I integrated the Google Maps API to dynamically calculate travel times between locations in real time, using both driving and walking modes. This significantly improved the accuracy of travel time calculations. The challenge was managing API rate limits and ensuring that requests were optimized for performance, so I added caching to store frequently queried travel times for up to an hour, reducing unnecessary API calls.

Question 30

What’s something you’ve done in one of your projects that you consider clever or elegant? Can you explain why it stands out?

Answer 30

One feature I’m particularly proud of is the itinerary cost comparison feature. Users can set a budget and input estimated costs for various parts of their trip (e.g., transport, meals, activities), and the app will automatically compare the total cost to their budget. This involves some real-time calculations, which could become complex as the user inputs multiple data points. I built it in a way that’s both simple for the user and efficient in terms of performance. I used React’s useState and useEffect hooks to dynamically update the cost calculations without causing re-renders of unnecessary components. The backend then aggregates the cost data and compares it to the budget, ensuring everything is calculated in real time. It stands out because it uses a highly interactive UI without compromising performance, and it allows users to see cost implications as they plan, helping them stay within budget. The real elegance is in how it reacts to user input, adjusting dynamically while minimizing unnecessary calculations.

Question 31

Given that your current role is focused on cybersecurity and working with Splunk, how would you apply some of those skills to a web development project like this one?

Answer 31

In my current role, I work with Splunk to process and analyze large amounts of data. This has given me a strong understanding of data flow, optimization, and how to make sure systems remain scalable and performant. I believe these skills are transferable to any web development project, particularly when it comes to handling user data and optimizing database queries for performance. For instance, in my travel planning app, if I needed to track user interactions (e.g., which itineraries are most popular, which cities are being searched the most), I could apply the same principles I use in Splunk for efficient data indexing and real-time querying to keep the application’s performance smooth. Additionally, security is a critical aspect of both web development and cybersecurity, so my experience with secure data handling and encryption will influence how I build out authentication and user data storage. In this app, for example, I’d ensure that all sensitive user data is securely encrypted, both in transit and at rest.

Question 32

What are some areas of development that you are still working on improving, and how are you tackling them?

Answer 32

While I’m confident in my core full-stack skills, one area I’m actively working on improving is front-end performance optimization. As my travel app grows in features, ensuring that the front-end remains fast and responsive is crucial, especially as more dynamic content is added (e.g., real-time location data, user-generated comments, etc.). I’ve been exploring tools like React.memo, React.lazy, and Code-Splitting to improve performance by reducing unnecessary re-renders and lazy-loading only the components that are needed. Additionally, I’ve been experimenting with server-side rendering (SSR) to further improve performance, especially on the first load. I’m also familiarizing myself with performance profiling tools like the React Developer Tools and Lighthouse to get actionable insights on how to optimize rendering. I’ve been using online courses and tutorials, but I also dive deep into the official React documentation to ensure I fully understand the tools and patterns that best fit my use cases.

Question 33

Given that this is an agency role where you’ll face different challenges daily, how do you approach unfamiliar technology or problems?

Answer 33

When approaching unfamiliar technologies or challenges, I rely on a few strategies. First, I break the problem down into manageable parts to understand its core components. Then, I research the problem by reading documentation, forums, and looking at similar projects. I find that working through problems in small chunks allows me to get a better grasp of the solution. If I hit a roadblock, I often ask for help—either by reaching out to colleagues or looking for open-source solutions. I find that the development community is very collaborative, and many challenges have already been addressed in some way. For example, if I had to work with a new API I’ve never used before, I would start by reading through the API documentation thoroughly, exploring sample code, and then experimenting in a local environment to see how it behaves with the specific requirements of the project. I also use tools like Postman to test API endpoints before integrating them into the code. I think it’s important to remain adaptable and stay open to learning, especially in an agency environment where new technologies and challenges are part of the daily grind.

Question 34

Tell us more about the travel planning app — what parts of the stack have you been focusing on most?

Answer 34

It’s full MERN — MongoDB, Express, React, Node — but I’ve been especially focused on architecting the backend to support rich itinerary data. For example, itineraries are stored as documents in MongoDB with nested tasks, cost estimates, timestamps, and geolocation. I built a modular API using Express, and JWT-based authentication. On the frontend, I’ve implemented dynamic forms for creating itineraries, context-based state management for app-wide data like budgets and user profiles, and component-level logic for travel timelines. A big part of the challenge is scaling for social features — likes, comments, ratings — so I’m building out relational references between users and itineraries, using Mongoose population for fetching nested content efficiently.

Question 35

How do you usually work through problems you're unfamiliar with? Especially ones outside your current expertise?

Answer 35

My approach is always to break things down: identify the unknowns, prototype something fast and ugly, and isolate the parts I don’t understand. I’m very documentation-driven — I dig into official docs, and often use small REPL environments or CodeSandbox to test isolated features. For instance, I was new to handling OAuth flows when planning for Spotify playlist integration — so I started by mocking it in Postman, walking through the token lifecycle manually, and only then implemented the flow in Node. I’m not afraid to say “I don’t know” — but I do make sure I figure it out quickly.

Question 36

Why are you interested in this role, especially coming from cybersecurity?

Answer 36

Honestly, I’ve loved my time in cybersecurity — but I’ve always had a creative drive to build things end-to-end. What draws me to agency work is the variety and fast pace. I love the idea of picking up new challenges quickly, wearing different hats, and delivering something polished. I think my current experience gives me a solid foundation in robustness, performance, and secure data handling, while my side projects show I’m ready for real-world full-stack dev work.

Question 37

Can you give us an example of a time when your initial technical solution didn’t work out, and you had to pivot?

Answer 37

ah, definitely. On the travel app, one of the early features I implemented was itinerary autosave using localStorage. The idea was to let users build quick, anonymous itineraries without logging in — which worked well at first. But once I added more dynamic data like geolocation, weather forecasts, and image uploads, things started breaking. localStorage wasn’t enough — data size limits, poor serialization, and issues with restoring complex states like nested arrays and dates. So I pivoted to a hybrid approach: * For short-term anonymous sessions, I switched to IndexedDB using a lightweight wrapper to store richer JSON structures. * For logged-in users, I moved the save/load logic to the backend with versioning. This gave me more control, better reliability, and let me sync anonymous sessions to a user account later if they chose to sign up. It was a classic example of building something fast, seeing where it broke, and redesigning it in a way that scaled better.

Question 38

Can you talk about how you collaborate with others on technical problems, even if the project is your own?

Answer 38

Absolutely. Even though this travel planning app is something I’m building solo, I approach it like I would in a team — with structure, documentation, and regular feedback. For example, when I was working on the cost-splitting feature, I hit a point where I wasn’t sure how to model group expenses in a way that could scale across multiple users and days. Instead of just going down a rabbit hole, I treated it like a real-world problem — I did a bit of research into how tools like Splitwise structure their data, read through a few open-source repos, and then posted my initial schema to a couple of developer forums for feedback. I got some solid responses, rethought how I was linking users to transactions, and revised the structure to make it easier to query and update. It was a great example of how I try to avoid building in a vacuum — even if it’s a solo project, I actively seek out ways to get other perspectives and build something maintainable. In my day job, it’s the same — whether I’m working with security analysts or another developer, I always try to think about how to make my work easy for the next person to jump into. Clean commit messages, clear function names, and documentation go a long way.

Question 39

Why did you choose that tech stack (e.g., React, Node, MongoDB)?

Answer 39

I knew I wanted to make an app with React due to its demand in the industry, and I had just been learning about Node so I figured it was time to put them both together. I originally was going to make a PERN app but my Postgres woes had forced me to learn yet another new bit of tech. I considered this project a type of playground and I knew there would be lot’s of refactoring.

Question 40

How is the frontend structured? (e.g., components, state management, routing)

Answer 40

I use React bulletproof structuring so I have an application layer containing my main app.jsx, and then outside of that folder I have all of my assets, components, and state management .

Question 41

How is the backend structured? (e.g., MVC pattern, REST APIs, auth flow)

Answer 41

I follow a similar structure to the front end, so I have all of my routes, in one folder, controllers in another, as well as my database schema in its own DB folder.

Question 42

How do the frontend and backend communicate?

Answer 42

They communicate through CORS (cross origin resource sharing), which is basically a middleware that tells the client and server side that they’re friends and can share data through the different servers.

Question 43

Did you use any libraries or frameworks that really helped? Why those?

Answer 43

None on top of the MERN stack that I have, but I would really love to dig into Tailwind UI for React if it wasn’t paid.

Question 44

Did you use any design patterns or best practices?

Answer 44

* MVC pattern (Model-View-Controller) * * Organised my backend into Models (data), Views (optional for APIs), and Controllers (logic) * * Keeps code modular and separates concerns - scalable * Component based architecture for React * * Making sure I broke UI into reusable, small components * * Promotes reusability and easier testing/debugging * Environment config with .env * * Store secrets and environment-specific values with .env * Async/await + try/catch for API calls * * Avoid callback hell or unhandled promise rejections

Question 45

How did you manage the codebase? Monorepo or separate repos?

Answer 45

I’d like to get my app to a certain 1.0.0 version before I put it on Github. For security reasons I would like everything to be dialed down completely before I go and make it accessible (although I could just have a private repo).

Question 46

What was one tricky bug you ran into and how did you solve it?

Answer 46

* We found that on a bunch of customers we had double extraction. KV_MODE=JSON and INDEXED_EXTRACTIONS=JSON. Had to go through a lot of different apps on a few different customers to find out the difference and had to compare the configs in the TA’s to find out that Splunk was being told to do something twice. * I was issuing JWT with a short expiration and didn’t think about what would happen when it expired, and didn’t have a refresh token flow. If I didn’t make an API call within a couple of minutes I'd be automatically logged out, and the backend middleware I had setup didn’t properly send a 401 response when the token expired and it would occasionally crash due to an unhandled exception. At first, I thought it was a React state bug, but after adding some console logs and checking network requests I realized the back end was returning 401 errors. * I fixed it by generating refresh tokens and adding a refresh-token endpoint and stored the refresh token in HTTP-only cookies. When the access token expires, the frontend fetches a new one. I then updated the middleware to catch and handle those 401 errors.

Question 47

What was a performance or scalability concern, and how did you handle it?

Answer 47

I was concerned with users uploading PDFs to their itinerary and high res images so I used Cloudinary to store those. I am also looking into offloading PDF generation to a background queue using Bull and Redis, so user requests can stay snappy.

Question 48

How did you test frontend and backend interactions?

Answer 48

For testing frontend-backend interactions, I usually take a few-layered approach. First, I use tools like Postman or Thunder Client to test backend endpoints independently - making sure they're returning the right data and status codes. Then, on the frontend, I’ll hook up those endpoints and test them in the browser or with React Testing Library for component behavior. I also use console logs and network tab debugging to verify that data is moving correctly between client and server

Question 49

What’s the difference between client-side and server-side rendering in React apps?

Answer 49

Client-side rendering (CSR) means that the browser downloads a minimal HTML page and uses JavaScript to render the app's content. This leads to faster initial load times after the JavaScript is loaded but can have slower first-page render and SEO challenges. Server-side rendering (SSR) means that the server generates the HTML content for each page request and sends it to the browser. This improves the first-page load time, SEO, and allows content to be visible without waiting for JavaScript, but may require more server resources and setup. In short: CSR relies on the browser to render the page, while SSR renders the page on the server and sends a fully-formed HTML response.

Question 50

What’s the difference between useEffect and useLayoutEffect? When should you use each?

Answer 50

Both of these can be used to basically do the same thing but they have slightly different use cases. useEffect allows you to perform side effects such as fetching data or directly updating the DOM, after a component renders. However, if your effect is mutating the DOM and the DOM mutation will change the appearance of the DOM node between the time that it is rendered and your effect mutates it, then you'll want to use useLayoutEffect.

Question 51

What is the difference between a controlled and uncontrolled component in React?

Answer 51

In React, controlled components manage form data using React state, while uncontrolled components rely on the DOM to handle the data.