25
21 Premium Backend Interview Questions and Preparatory Answers
1). What is the impact of having two for loops nested in a code and how do you reduce this impact?
Well, nested for loops are not so ideal for large data. So, let’s use the big O notation to analyze this. You would notice that a single loop would run for as much the size of the array. So here, worst-case scenario, the first loop is going to run for n times. Now that we have another for loop nested, it is going to run for n* n times. And that is n square which is a quadratic time complexity and it is not a good threshold for a large application. Imagine you have billions of records you want to iterate over. Although the good part is that its space complexity is 0(1) because there are no key-value pairs.
A solution to reduce the impact is to use a data structure such as a dictionary or map because with dictionaries you can iterate once within the key-value pairs reducing the time complexity to linear complexity0(n). However the space complexity now increases since for every key, it would need a space of n for the value, so we have 0(n) as its space complexity.
2). Explain database indexes
DB indexes are very handy. Without it, you are left to heaped storage which is not an efficient way of storing data. With indexes, your select queries would be faster as it uses this approach. Let us assume a library is our database and the books are the tables. If those books are arranged in rows just like a row on a DB without appropriate pagination, it would be harder to search for a book if there are lots of books in the library. So, DB indexing is like adding pages to your DB. You can add this to unique columns such as your primary key and unique keys and also for columns/objects that have a high data variance such as username. There are various best practices to indexes. One of which is not to add too many indexes as it can slow down performance and increase the time for Insert and update operations.
3). Explain the SOLID concept in terms of OOP.
SOLID guides you to an efficient object thinking approach and writing better object-oriented code. Single responsibility states that a class should have only one job. A class is a blueprint and should be a blueprint for what is defined. Doing more than what is defined is wrong and should be separated into another class. The open-closed principle is just saying classes or entities should rather be built to be extensible than modifiable just to ensure re-usability. The Linskov substitution principle encourages the use of an interface to build two entities or classes of similar sets. So if we have a square that is a subset of a rectangle, we should be able to define an interface that would serve as a blueprint of implementing the two entities instead of writing the implementation in their respective classes. Interface segregation says a client should never be forced to implement an interface/object it doesn’t use while the dependency inversion doesn’t want higher modules to be dependent on lower modules. Just like MySQL connection class depending on your custom connection class by passing it directly in the constructor. Instead, an interface should be used to fix or invert the dependency to scale.
4). Explain the concept of ACID as regards transactions?
A transaction is a logical unit of processing in a DBMS(mostly relational DB but some document-oriented DBS are starting to use it). Mongo from version 4.0 uses it for instance. A transaction is said to be successful if it is ACID compliant where A is for atomicity where all or none of the transaction is either executed. So let’s say I want to transfer 3000 dollars to my online wallet. It’s either the whole 3000 is sent or none is sent. You cant have 2000 sent for instance. So, in short, transactions cannot be incomplete unless they would not occur at all. For isolation, it just makes sure that execution is separated from another. Let’s say a promotion website says the first person to visit their site today would get free cash and two users visit at the same time. The DB processing is still meant to process each instruction differently so that one does not affect the other. The concurrency control unit in DBMS is responsible for this. At the end of the day, we might have 2 winners based on the timestamps but for the DB, they were both processed differently. This is quite similar to multithreading. Durability says as long as execution has been committed, no matter what happens. Server failure, downtime no matter what, the commit would still have registered. So, you pay your money to your online wallet and it hits the account. And maybe 5 minutes later your financial institution’s server is down. The money should still be in the wallet if the transaction has been processed. The recovery management component is responsible for that in DBMS. An atomic, isolated, and durable, transaction would eventually be consistent because consistency means that the transaction must follow the defined rules and restrictions of the database which are what is in the AID of ACID.
5). Define some API best practices and sample requests?
So, one rule is not to use verbs in defining APIs.
Sample requests are:
GET xyzapi/v1/customers
Get xyzapi/v1/customers/1
Get xyzapi/v1/customers/:id?field={field}
POST xyz/customers
PUT xyzapi/v1/customers/:id
PATCH xyzapi/v1/customers/:id
DELETE xyzapi/v1/customers/:id.
Other practices include: you should never pass sensitive information via a query string; there is no use for query string in POST requests as the body is a better approach to receive inputs; versioning should be maintained; also use authentication methods such as jwt, ssl and oauth2; have an API key; never store passwords or sensitive data in a plain format; prevent brute force by returning 429 for many bad requests; sanitize inputs before processing; return appropriate and valid HTTP error responses
e.g:
[
{
“error”: unauthorized,
“status”: 401
}
]
6). What does backend development mean to you?
This could be a subjective question. But it could be key to note that backend development is building the services, tools that touch on the application’s logic. Also, it would be good to state the role of backend development in the software engineering process and its importance. And you can also add your reason for your tailored interest in backend development.
For instance: I developed an interest in software engineering because I wanted to make games. So about 11 years ago, I watched a tutorial on Youtube on a guy making a ping pong game with Java. I was not enthused with the beautiful board design or the pretty bouncing ball, I was more amazed at the logic that powered the movement and how the computer knows when to increase the score, make the ball go faster, and all of those kinetics. Little did I know that this was the start of my backend development journey.
7). What does cloud hosting mean?
Cloud hosting simply means renting a server that is accessible via the internet where you “pay-as-you-go” i.e. you pay according to the number of resources you use which are majorly computing power/storage. There are majorly IAAS(Infrastructure as-a-service) and PAAS(Platform as-a-service) where the former allows you to manage your infrastructure such as EC2/digital ocean and the latter provides a layer of control where you can customize and do your server control on the fly just like Heroku and Elastix beanstalk where you need little DevOps experience. Other types of deployment include FASS(Function as-a-service) used for serverless and SASS(Software-as-a-service) where neither infrastructure nor platform-based services are provided. It’s cool to run automated tests before deployment and deploy putting in mind that there might be room for horizontal and vertical scaling in the future.
8).What is test driven and behavioral driven development?
TDD is when you do tests and verify that it works before you even start coding. While BDD is the same thing with a difference that the tests are more user-focused.
9). What is Agile Development?
Talk on collaboration, communication, flexibility, teamwork, iteration, change, value as a motivation for change, independence, less documentation. Talk on the various types: SCRUM, KANBAN, XP. The various roles involved such as product owner, scrum master, service delivery manager, service request manager etc. Talk on enabler tools such as JIRA, slack, etc.
10). Define a database schema for a real-life scenario?
Define a schema with the best form of normalization you can go if it is an operational scenario. If it is a reporting scenario, make sure schema is denormalized. Add the right foreign keys, including generic columns and columns that the interviewer is not thinking about. Make sure you add audit columns. Specify columns that could be used for indexing and you could also define some triggers alongside.
11). What are some backend programming best practices?
Give examples of how you can KISS, YANGI,and DRY.
12). What language do you prefer to use to write code and why?
Of course, say the language used by the interviewer’s company. Your points should revolve around the programming architecture in the case of NodeJS for javascript, RAD in the case of ruby on rails for ruby, and other use-cases such as not reinventing the wheel, security, flexibility, and maintainability. Even less popular languages such as Perl have their advantages. Perl for instance is a domain expert in network automation.
13). What should be the content of a log file and how will you search a log file with billions of records in terms of best practices?
All log files should have different logs with these identifiers: The error level. Whether trace or debug which should not be in production logs anyways or maybe information logs if you don’t have a monitoring tool where you can log events for this. Then error logs are another level that should be caught (refer to my article).
here: error-driven development?
Then critical logs such as runtime exceptions, your try, and catch for instance should be logged as critical. You should have all logs classified in this manner from a global configuration. Maybe in your Web.config or appsettings.json . If you have a lot of logs, you might not want to store them locally. You might want to store it in a distributed manner. You can also use log tools such as serielog or elastic search, then you can now index your logs just like a database indexing. So when searching through it rather than using grep
.
grep [options] [pattern] [file] e.g. grep –I ‘error’ babel.log.
You can then do an advanced search using your indexing. This is called data ingestion. Or distributed logging.
Remember the 5 log levels: Trace, debug, information, warning, error, critical.
14). Explain some design patterns and architecture you know.
Talk about DAO, singleton, ORM, MVC, MVVM, MTV, observer, event-driven architecture, API-led architecture, monolith, micro-services etc.
15). Explain web security
Talk on Sql injection, session hijacking, CRSF, CORS, bot attack, brute force etc.
16). What are background services as regards queueing system?
A queuing system means first in first out. So Amazon S3 for instance where you can store images has what you call a bucket. So a client uploads a file, a background service picks up and notifies the web process that a job is to be performed. The web process then puts it in a queue and returns a response to the client that the job is pending while the worker process picks it up. Once the worker process finishes the job, it persists the outcome of the task. For instance, the S3 URL is persisted. The client keeps polling constantly until the task is completed and can then finish the upload file process. Back then in PHP, to do something like this PHP holds the image in a temporary file. But this is a better approach to handling file upload. Apache Kafka, Apache Upstart and Sidekiq are some tools to handle background services and queuing systems.
17). How do you prevent SQL injection
User inputs should be sanitized and one way to do this is using a prepared statement. When you stack your queries, it is a way of getting all the contents of your database. You may never want to use staked queries. Also, you should never show your SQL errors to the user hence it can be penetrated if the hacker knows the table name and what the error is saying to inject your tables. You can also use abstraction layers such as an ORM which reduces the risk of this happening. Although sanitizing your inputs can pull out some edge cases, so it might not be the best approach. The best would be prepared statements and ORM. Error disabling from users and prevention of multiple stacked query statements is also a way of preventing SQL injections.
18). What is the ideal process if a bug is reported by a user of an application
The ideal process is for the first-level support to have tried the basic things to help the user so as not to waste time and collected the necessary information such as pictures or recorded video which second-level support can use to debug in any case has to be escalated. Some first-level support helpers could be pinging to see things that are up or not. While second-level resolution techniques could be checking the APM or NPM(Application or Network Performance Monitoring) tools to see CPU, memory, code-level performance, web services, caches, database, logs, etc. New R5elics, Datadog, net-data, Solarwinds are some nice APM/NPM tools. If you detect a fault that requires a change, then it should be followed by a change management process. But it should never get to a stage where the user starts complaining of problems before the necessary modifications which ought to be done are done. The monitoring tools should also be monitored daily to check even before a fault is detected.
19). How will you ensure your database is optimal in cases of multiple asynchronous requests?
So on the application side, you can make sure your database connection is a singleton. On the app and even the database side, you can cache your queries to return stored results. You can have stored procedures for regular queries or scale your database maybe through clustering and indexing. Just to make sure your querying or your requests are regulated. Even besides that, it gives your database more durability so latency is increased and performance is not reduced. And ensure that you close open connections in your script. So that unnecessary connections would not be propagating with time.
20). What are some Advanced OOP concepts?
Talk about demeter, abstraction, dependency injection/isolation, and interfaces.
21). How do you improve your database queries
Select only columns you need; use case instead of update; make use of temporary tables often when writing join statement; break operations that involve several tables into routine instead of one transaction; use stored procedures; edit your ORM to use your stored procedure instead of using the default; keyword distinct can slow down performance; don’t write queries that favor negative searches instead write queries that favor the positive. Avoid using * on aggregate functions unless you need to. Also, you won’t want to use nested views because they cause lags and lags are not good either. I swear lags are never good for the soul. That is the gospel truth.
Note: Never forget to ask your own premium questions!
25