🏗 Section 1 — Core Backend Fundamentals

1️⃣ What is backend development?

Answer:
Backend development is about building the server-side of applications:

Receives requests (from frontend/mobile/other services)
Processes business logic
Talks to databases, caches, queues, external APIs
Sends responses (usually JSON or HTML)

Key responsibilities:

API design (REST/GraphQL/gRPC)
Data modeling
Authentication & authorization
Performance & scalability
Observability (logging/metrics/tracing)

2️⃣ Difference between frontend and backend?

Frontend:
- Runs in browser or mobile app
- Technologies: HTML/CSS/JS, React, Angular, iOS/Android
- Handles UI/UX, rendering, user interaction
Backend:
- Runs on server
- Technologies: Java, Go, Python, Node.js, Spring Boot, Django, etc.
- Handles business rules, data storage, security, scaling

They communicate over HTTP/HTTPS APIs.

3️⃣ What is an API?

API = Application Programming Interface

In backend context, it usually means:

A contract for communication between systems.
Often over HTTP (REST, GraphQL, gRPC).

Example REST endpoint:


GET /users/123
→ 200 OK
{
  "id": 123,
  "name": "Vinod"
}

4️⃣ Types of APIs: REST, SOAP, GraphQL, gRPC?

REST
- Resource-based (/users, /orders)
- Uses HTTP verbs: GET/POST/PUT/PATCH/DELETE
- Response usually JSON
SOAP
- XML-based protocol
- Strict schemas (WSDL)
- Heavier, often used in legacy/enterprise/banking
GraphQL
- Client specifies exactly what data it needs
- Single endpoint (/graphql)
- Prevents over-fetching/under-fetching
gRPC
- Uses HTTP/2 + Protocol Buffers (binary)
- Very fast, good for service-to-service calls

5️⃣ What is REST? Key principles?

REST = REpresentational State Transfer

Key principles:

Client-Server separation
Stateless – no session stored on server between requests
Uniform interface – resources with URLs, standard methods
Cacheable – responses can be cached
Layered system – proxies, gateways in between

Example:


GET /products
POST /products
GET /products/10
PUT /products/10
DELETE /products/10

6️⃣ JSON vs XML?

JSON
- Lightweight, human-readable
- Native to JavaScript
- Used in most modern APIs
XML
- Verbose, uses tags
- Supports attributes, namespaces, schemas
- Common in SOAP, older systems

Example JSON:


{
  "name": "Vinod",
  "role": "Backend Engineer"
}

7️⃣ Idempotent HTTP methods?

A method is idempotent if calling it once or multiple times has the same effect on the server.

GET – safe & idempotent
PUT – idempotent (replace resource)
DELETE – idempotent (multiple deletes → still deleted)
HEAD / OPTIONS – idempotent

POST is NOT idempotent (multiple POSTs may create multiple resources).

8️⃣ Difference between PUT and PATCH?

PUT: Replace the entire resource
- Client sends full representation.
PATCH: Partially update resource
- Client sends only fields to change.

Example:


PUT /users/1
{ "name": "Vinod", "city": "Cupertino" }

PATCH /users/1
{ "city": "Cupertino" }

9️⃣ Stateless vs stateful application?

Stateless:
- Server doesn’t store client session between requests
- Each request has all data needed (token, user id, etc.)
- Easier to scale horizontally
Stateful:
- Server keeps session in memory
- Harder to scale (sticky sessions, shared session store)

Modern backend systems prefer stateless + JWT/session store.

🔟 What is middleware?

Middleware is code that runs before/after your main handler in the request pipeline.

Uses:

Logging
Authentication
Rate limiting
Request transformation

Example (pseudo):


[Client] → [AuthMiddleware] → [LoggingMiddleware] → [Controller]

1️⃣1️⃣ Authentication vs Authorization?

Authentication: “Who are you?”
- Login with username/password, token, OAuth
Authorization: “What are you allowed to do?”
- Roles, permissions

You authenticate first, then authorize.

1️⃣2️⃣ What is JWT?

JWT = JSON Web Token

Compact, URL-safe token
Has 3 parts: header.payload.signature
Contains claims like sub, role, exp
Stored on client (usually in header as Authorization: Bearer <token>)

Server verifies via signature (HMAC or RSA).

1️⃣3️⃣ What is OAuth2?

OAuth2 is an authorization framework that allows a third-party app to access user’s resources without sharing credentials.

Flows:

Authorization Code (web apps)
Client Credentials (service-to-service)
PKCE (mobile/native apps)

Example: “Login with Google” uses OAuth2.

1️⃣4️⃣ What is session management and how does it work?

Session = server-side state representing a logged-in user.

Common patterns:

Server generates session id, stores data in memory/Redis
Client stores session id in a cookie
Each request sends cookie → server looks up session

In JWT, session is often stateless (no server store).

1️⃣5️⃣ What is CORS and why needed?

CORS = Cross-Origin Resource Sharing

Browsers restrict JS calls from origin A to origin B.
If frontend is http://app.com and backend http://api.com, CORS is needed.

Server must send headers like:


Access-Control-Allow-Origin: https://app.com
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Headers: Authorization, Content-Type

🌐 Section 2 — HTTP & Networking

1️⃣6️⃣ Difference between HTTP and HTTPS?

HTTP – data sent in plain text
HTTPS – HTTP over TLS/SSL (encrypted)

HTTPS advantages:

Confidentiality
Integrity
Authentication (via certificates)

1️⃣7️⃣ What is TLS/SSL handshake (high level)?

Client → says hello, supported ciphers
Server → sends certificate (public key)
Client → verifies certificate
Client & server agree on session keys
They switch to encrypted communication

As backend engineer, you rarely implement this directly, but must know why HTTPS is secure.

1️⃣8️⃣ What is DNS and how does it work?

DNS = Domain Name System.

Maps domain names → IP addresses
When you hit https://google.com:
- Browser asks DNS resolver → gets IP
- Then opens TCP/TLS connection to that IP

1️⃣9️⃣ What is latency vs throughput?

Latency: time per request (ms)
Throughput: number of requests handled per unit time (req/sec)

We want:

Low latency
High throughput

They are related but optimizing one can hurt the other.

2️⃣0️⃣ What are WebSockets?

WebSockets provide full-duplex, long-lived communication between client and server.

Use cases:

Chat apps
Live dashboards
Real-time notifications

Unlike HTTP polling, WebSockets remain open and can push messages anytime.

2️⃣1️⃣ HTTP/1.1 vs HTTP/2 vs HTTP/3?

HTTP/1.1
- One request per TCP connection (keep-alive helps, but still limited)
HTTP/2
- Multiplexing over single TCP connection
- Header compression
- Better performance
HTTP/3
- Uses QUIC (over UDP)
- Faster connection setup, better in high-latency networks

2️⃣2️⃣ Persistent vs non-persistent connections?

Non-persistent: one connection per request
Persistent: connection reused for multiple requests

Persistent connections reduce latency & overhead (handshakes).

2️⃣3️⃣ What are cookies?

Small pieces of data stored in browser, sent with HTTP requests.

Use cases:

Sessions
Preferences
Tracking

Important flags:

HttpOnly – JS can’t read it
Secure – only over HTTPS
SameSite – mitigates CSRF

2️⃣4️⃣ HSTS & CSRF?

HSTS (HTTP Strict Transport Security):
- Tells browser: “Always use HTTPS for this domain”
- Prevents downgrade attacks
CSRF (Cross-Site Request Forgery):
- Attacker tricks user’s browser into sending authenticated request
- Defenses: SameSite cookies, CSRF tokens, double submit cookies

2️⃣5️⃣ What is rate limiting and why needed?

Rate limiting restricts API usage:

Protects against abuse & DDoS
Ensures fairness across users

Options:

Fixed window
Sliding window
Token bucket, Leaky bucket

Often implemented using Redis or API gateways.

🗄 Section 3 — Databases (SQL + NoSQL)

2️⃣6️⃣ Difference between SQL & NoSQL?

SQL (Relational):
- Tables, rows, columns
- Fixed schema
- Strong consistency
- Good for complex queries & joins
NoSQL (Document, Key-Value, Columnar, Graph):
- Flexible schema
- Scales horizontally easily
- Good for specific patterns (documents, graphs, time-series)

2️⃣7️⃣ What is ACID?

ACID = properties of reliable transactions:

Atomicity: all or nothing
Consistency: move from one valid state to another
Isolation: concurrent transactions don’t see partial results
Durability: once committed, it stays (even after crash)

2️⃣8️⃣ What is normalization?

Process of organizing data to reduce redundancy and improve integrity.

Forms:

1NF – atomic columns
2NF – no partial dependency on composite key
3NF – no transitive dependency on non-key

Trade-off: highly normalized → more joins, sometimes slower queries.

2️⃣9️⃣ What are indexes? Pros/cons?

Index = data structure (usually B-tree) to speed up searches.

Pros:

Faster reads (WHERE, ORDER BY)

Cons:

Slower writes (INSERT/UPDATE/DELETE must maintain index)
Takes disk/memory

Use indexes selectively on columns used in filters, joins, sorting.

3️⃣0️⃣ Primary key vs unique key?

Primary key
- Uniquely identifies a row
- Only one per table
- Cannot be NULL
Unique key
- Ensures uniqueness
- Multiple unique keys allowed
- Can usually contain NULL (DB-specific)

3️⃣1️⃣ What is sharding?

Sharding = splitting a large database into smaller chunks distributed across machines.

Strategies:

Range-based (id 1–1M → shard 1)
Hash-based (hash(userId) % N)
Directory-based (lookup table)

Used for horizontal scaling.

3️⃣2️⃣ What is replication?

Replication = copying data from primary to one or more replicas.

Use cases:

High availability
Read scaling (read from replicas)

Types:

Synchronous (strong consistency, higher latency)
Asynchronous (eventual consistency, faster)

3️⃣3️⃣ What is partitioning?

Similar to sharding but often within same logical database.

Horizontal partitioning: split rows
Vertical partitioning: split columns (hot vs cold data)

3️⃣4️⃣ What is CAP theorem?

In distributed systems, you can only fully guarantee two of:

Consistency (C) – all nodes see same data at same time
Availability (A) – every request gets response (success or failure)
Partition Tolerance (P) – system continues working despite network splits

Since P is required in distributed systems, systems lean toward:

CP (e.g., HBase)
AP (e.g., Cassandra)

3️⃣5️⃣ What is eventual consistency?

System guarantees that if no new updates, all reads will eventually see the same value.

Used in AP systems.

3️⃣6️⃣ SQL joins — types?

INNER JOIN – matching rows in both tables
LEFT JOIN – all rows from left + matches from right
RIGHT JOIN
FULL OUTER JOIN

3️⃣7️⃣ What is query optimization?

Improving query performance by:

Adding proper indexes
Avoiding SELECT *
Using appropriate joins
Analyzing execution plan
Denormalization when needed

3️⃣8️⃣ When to use NoSQL?

Good when:

Need horizontal scalability
Massive write volume
Schema flexibility
Specific data models: document, key-value, graph, time-series

Examples:

User activity logs
Caching
Product catalogs

3️⃣9️⃣ What is Redis used for?

Redis is an in-memory key-value data store, typically used for:

Caching
Session store
Rate limiting
Pub/Sub
Queues (with lists/streams)

4️⃣0️⃣ What is a time-series database?

Optimized for time-stamped data:

Metrics
Sensor data
Logs

Features:

Efficient storage for time-based queries
Downsampling, retention policies
Examples: InfluxDB, TimescaleDB, Prometheus (TSDB).

☁ Section 4 — Caching & Performance

4️⃣1️⃣ What is caching? Why needed?

Caching stores frequently accessed data in a faster layer (memory) to:

Reduce latency
Reduce database load
Improve throughput

4️⃣2️⃣ Types of caching?

Client-side – browser/local storage
Server-side (in-memory) – in app (e.g., in-memory map)
Distributed cache – Redis/Memcached
Database cache – query cache

4️⃣3️⃣ What is CDN?

CDN (Content Delivery Network):

Distributed servers across regions
Serves static content (images, JS, CSS, videos)
Reduces latency & load on origin server

4️⃣4️⃣ Redis vs Memcached?

Memcached
- Simple key-value
- Pure cache
Redis
- Rich data structures (lists, sets, sorted sets, hashes, streams)
- Persistence options
- Pub/Sub
- Better for complex use cases.

4️⃣5️⃣ Cache eviction policies?

LRU – Least Recently Used
LFU – Least Frequently Used
FIFO – First In First Out

Used when cache is full and we must remove keys.

4️⃣6️⃣ Write-through vs write-back cache?

Write-through
- Write to cache and DB at same time
- Slower write, safer
Write-back (write-behind)
- Write only to cache, DB updated later
- Fast writes, risk of data loss on crash

4️⃣7️⃣ Hotspot key problem?

When one key is accessed extremely frequently, causing:

Skewed load
Single-node pressure

Mitigation:

Shard manually (e.g., key:1, key:2…)
Local caching
Request coalescing

4️⃣8️⃣ Cache invalidation strategies?

Time-based (TTL)
Manual invalidation on update
Write-through and delete on change
Versioning (change key when data changes)

“Cache invalidation” is famously hard because stale data can cause bugs.

4️⃣9️⃣ Performance tuning techniques?

Use proper indexes
Reduce unnecessary DB calls
Batch writes
Minimize network hops
Caching
Asynchronous processing
Use connection pooling
Profile and measure (APM tools, tracing)

5️⃣0️⃣ Lazy loading vs eager loading?

Lazy loading – load related data only when needed
- Avoids loading unnecessary data
Eager loading – load related data immediately
- Avoids N+1 query problems if related data always needed.

📦 Section 5 — Distributed Systems

5️⃣1️⃣ What is a distributed system?

A system where components run on multiple networked machines but appear as one system to users.

Challenges:

Network failures
Partial failures
Consistency
Latency

5️⃣2️⃣ Monolithic vs Microservices?

Monolith
- Single deployable unit
- Simpler initially, harder to scale & maintain at large size
Microservices
- Many small services
- Independently deployable
- Complexity in communication, monitoring, data consistency

5️⃣3️⃣ Benefits of microservices?

Independent deployment
Technology flexibility
Smaller, focused codebases
Scalability per service

But also adds:

Operational complexity
Network overhead

5️⃣4️⃣ What is service discovery?

In microservices, instances come and go dynamically. Service discovery helps services find each other.

Client asks service registry (Eureka, Consul, etc.)
Gets list of available instances

5️⃣5️⃣ Why use message queues?

Queues like Kafka, RabbitMQ, SQS help:

Decouple services
Buffer load
Implement async processing
Improve reliability

5️⃣6️⃣ Kafka vs RabbitMQ (high-level)?

Kafka
- Log-based, partitions
- High throughput streaming
- Consumer groups, replayable messages
RabbitMQ
- Message broker with queues
- Flexible routing
- Good for task queues, RPC

5️⃣7️⃣ What is backpressure?

When downstream services or consumers can’t keep up with incoming data, they signal to slow down.

Backpressure strategies:

Drop messages
Buffer (with limits)
Throttle upstream
Use reactive streams

5️⃣8️⃣ Eventual consistency (again in distributed systems)?

System allows temporary inconsistencies but guarantees that eventually all nodes converge to same state.

Common in:

Replicated DBs
CQRS/Event Sourcing
AP systems

5️⃣9️⃣ What is leader election?

Choosing a single node to act as leader for a particular task.

Used in:

Coordination
Scheduling
Managing shared state

Tools: ZooKeeper, etcd, Consul.

6️⃣0️⃣ Heartbeat mechanism?

Regular “I am alive” signals from nodes:

If node stops sending heartbeats → presumed dead
Triggers failover, leader election, etc.

6️⃣1️⃣ What is circuit breaker pattern?

Protects system from repeatedly calling a failing service.

States:

Closed → calls pass through
Open → calls fail fast (no attempt)
Half-open → test few calls to see if dependency recovered

Libraries: Resilience4j, Hystrix (legacy).

6️⃣2️⃣ Saga pattern?

Saga = pattern for managing distributed transactions across microservices.

Types:

Choreography – services listen to each other’s events
Orchestration – central orchestrator tells services what to do

If one step fails → run compensating actions to undo previous steps.

6️⃣3️⃣ Retry vs dead-letter queues?

Retry:
- Attempt processing message again after failure
- Exponential backoff recommended
Dead-letter queue (DLQ):
- After N failures, message moved to DLQ for manual inspection

6️⃣4️⃣ Bulkhead pattern?

Partition your system so failure in one part doesn’t sink the entire system.

Examples:

Separate thread pools per dependency
Resource limits per service

6️⃣5️⃣ Idempotency in distributed systems?

Ensures repeating the same action multiple times has same effect.

Important for:

Payment APIs
Retry logic

Often implemented using:

Idempotency keys
Deduplication tables
Checking if operation already applied

🧠 Section 6 — System Design Scenarios

For these, you don’t need full designs here, but know the building blocks.

6️⃣6️⃣ Design a URL shortener (high-level points)

API:
- POST /shorten → returns short code
- GET /{code} → redirect

Key points:

Data model: code, original_url, created_at, expiry
Code generation: hash, base62, collision handling
Caching popular links (Redis)
Analytics (optional): click count, geo, etc.

6️⃣7️⃣ Design YouTube (video platform)

Services:
- Upload
- Encoding
- Metadata
- Streaming (CDN)
- Search
- Recommendation

Key points:

Object storage (S3/GCS)
Chunked upload
Background processing for encoding
CDN for delivery
DB for metadata (SQL + search index)

6️⃣8️⃣ Design WhatsApp messaging

Entities: users, conversations, messages
Real-time: WebSockets or similar
Message delivery:
- Store and forward
- Delivery receipts (sent/delivered/read)
Scaling:
- Shard by user id
- Message queues
- Encryption (E2E)

6️⃣9️⃣ Design e-commerce

Services: user, product, cart, order, payment, inventory
Flows:
- Browse products (read-heavy, cache)
- Add to cart
- Place order (transactional, inventory check)
- Payment integration
Use CQRS for read/write separation if needed.

7️⃣0️⃣ Design Uber (ride-hailing)

Real-time location updates (GPS)
Matching riders and drivers
Surge pricing
Map & routes
High read/write volume

7️⃣1️⃣ Design Instagram feed

News feed generation:
- Fan-out on write (precompute feeds) vs fan-out on read (compute on demand)
Use caching
Media on CDN

7️⃣2️⃣ Design payment gateway

Idempotency
Double-entry ledger
Strong consistency
PCI compliance (store as little sensitive data as possible)

7️⃣3️⃣ Design logging system

Agents collect logs → send to ingestion service
Store in time-series DB / Elasticsearch
Query UI
Indexing for search

7️⃣4️⃣ Design notification service

Multi-channel: email, SMS, push
Use message queues
Retries & DLQ
Templates for messages

7️⃣5️⃣ Design rate limiter

Sliding window / token bucket
Store counters in Redis
Key format: userId:minuteTimestamp

7️⃣6️⃣ Design caching layer

Cache aside / read-through
Choose TTL
Handle cache stampede (locking, random TTL)

7️⃣7️⃣ Design distributed file storage

Break files into chunks
Replicate across nodes
Metadata service tracking chunk locations

7️⃣8️⃣ Design search autocomplete

Trie / prefix index
Store frequency/popularity
Cache top results

7️⃣9️⃣ Design ticket booking (race conditions)

Handle overselling
Options:
- DB row locking
- Optimistic locking with version
- Reservation window

8️⃣0️⃣ Design chat application

Similar to WhatsApp design:
- Persistent messages
- Real-time layer
- Typing indicators
- Read receipts

🔐 Section 7 — Security

8️⃣1️⃣ OWASP Top 10 (high level)?

Common web app security risks like:

Injection (SQL)
Broken auth
Sensitive data exposure
XSS
CSRF
Insecure deserialization
etc.

Backend engineer must know SQL Injection, XSS, CSRF, secure storage.

8️⃣2️⃣ How to prevent SQL Injection?

Never concatenate user input:


"SELECT * FROM users WHERE name = '" + userInput + "'"

Use prepared statements / parameterized queries
ORMs usually handle this if used properly
Validate and sanitize inputs.

8️⃣3️⃣ What is XSS?

Cross-Site Scripting:

Attacker injects JS into page viewed by others.
Types: Stored, Reflected, DOM.

Backend defense:

HTML escape user input on output
Use security headers (Content-Security-Policy)

8️⃣4️⃣ CSRF vs XSS?

XSS: attacker runs JS in victim’s browser.
CSRF: attacker tricks browser into sending authenticated request.

Defenses for CSRF:

SameSite cookies
CSRF tokens
Double-submit cookie pattern

8️⃣5️⃣ How do you secure APIs?

Use HTTPS everywhere
AuthN: JWT, OAuth2, sessions
AuthZ: roles/permissions
Input validation
Rate limiting
Logging & monitoring
Avoid sensitive data leaks

8️⃣6️⃣ HTTPS certificate pinning?

Client stores expected server certificate (or public key) hash. If certificate doesn’t match → reject connection.

Used in mobile apps to prevent MITM even if CA compromised.

8️⃣7️⃣ Hashing vs encryption?

Hashing:
- One-way (irreversible)
- Use for passwords
Encryption:
- Two-way (decryptable)
- Use for sensitive data that you need to read later (e.g., card tokens)

8️⃣8️⃣ bcrypt vs SHA256?

SHA256 – fast hash, not suitable alone for passwords
bcrypt – slow, adaptive password hashing, includes salt

Always use bcrypt/argon2/scrypt for passwords.

8️⃣9️⃣ API token best practices?

Use strong random tokens
Store hashed on server if possible
Give minimal scopes/permissions
Set expiry
Rotate periodically

9️⃣0️⃣ DDoS protection strategies?

Rate limiting
WAF (Web Application Firewall)
IP blocking, geo-blocking
CDN offloading
Scaling out
Upstream protections (Cloudflare, AWS Shield, etc.)

🧪 Section 8 — Testing & Reliability

9️⃣1️⃣ Unit vs integration testing?

Unit tests:
- Test a single function/class
- Use mocks for dependencies
Integration tests:
- Test interaction between components
- Real DB/HTTP calls (or test containers)

Both are needed.

9️⃣2️⃣ What is mocking?

Replacing real dependencies with fake ones during tests.

Example:

Mock DB repository so service logic tested without real DB.

9️⃣3️⃣ Test Pyramid?

Shape of ideal test suite:

Base: lots of unit tests
Middle: fewer integration tests
Top: fewer end-to-end tests

9️⃣4️⃣ What is contract testing?

Ensures that two services (client & provider) agree on the same API contract.

Tools: Pact.
Useful in microservices to avoid breaking changes.

9️⃣5️⃣ Canary vs blue-green deployment?

Blue-Green:
- Two environments: blue (current), green (new)
- Switch traffic from blue → green at once
Canary:
- Gradually roll out new version to small % of users
- If OK, increase traffic

⚙ Section 9 — DevOps & Infra

9️⃣6️⃣ What is CI/CD?

CI (Continuous Integration):
- Every code change is built & tested automatically.
CD (Continuous Delivery/Deployment):
- Automatically deploy changes to test/stage/prod environments.

Tools: GitHub Actions, Jenkins, GitLab CI, CircleCI.

9️⃣7️⃣ Docker vs VM?

VM:
- Full OS
- Heavy, slower startup
Docker container:
- Shares host kernel
- Lightweight, fast startup
- Perfect for microservices

9️⃣8️⃣ Kubernetes basics?

Kubernetes orchestrates containers:

Pod – smallest deployable unit (one or more containers)
Deployment – manages replica sets, rolling updates
Service – stable IP/DNS for accessing pods
Ingress – route external HTTP traffic

9️⃣9️⃣ Logging & monitoring tools?

Logging: ELK stack (Elasticsearch, Logstash, Kibana), Fluentd
Metrics: Prometheus + Grafana
Tracing: OpenTelemetry, Jaeger, Zipkin

1️⃣0️⃣0️⃣ How do you debug production issues?

Typical steps:

Check logs (errors, stack traces)
Check metrics (CPU, latency, errors, DB connections)
Check recent deployments (did something change?)
Reproduce in staging if possible
Use tracing for distributed issues
Rollback or mitigate (feature flags, scale up)

Top 100 Backend Engineer Interview Questions (2026 Edition)

🏗 Section 1 — Core Backend Fundamentals

1️⃣ What is backend development?

2️⃣ Difference between frontend and backend?

3️⃣ What is an API?

4️⃣ Types of APIs: REST, SOAP, GraphQL, gRPC?

5️⃣ What is REST? Key principles?

6️⃣ JSON vs XML?

7️⃣ Idempotent HTTP methods?

8️⃣ Difference between PUT and PATCH?

9️⃣ Stateless vs stateful application?

🔟 What is middleware?

1️⃣1️⃣ Authentication vs Authorization?

1️⃣2️⃣ What is JWT?

1️⃣3️⃣ What is OAuth2?

1️⃣4️⃣ What is session management and how does it work?

1️⃣5️⃣ What is CORS and why needed?

🌐 Section 2 — HTTP & Networking

1️⃣6️⃣ Difference between HTTP and HTTPS?

1️⃣7️⃣ What is TLS/SSL handshake (high level)?

1️⃣8️⃣ What is DNS and how does it work?

1️⃣9️⃣ What is latency vs throughput?

2️⃣0️⃣ What are WebSockets?

2️⃣1️⃣ HTTP/1.1 vs HTTP/2 vs HTTP/3?

2️⃣2️⃣ Persistent vs non-persistent connections?

2️⃣3️⃣ What are cookies?

2️⃣4️⃣ HSTS & CSRF?

2️⃣5️⃣ What is rate limiting and why needed?

🗄 Section 3 — Databases (SQL + NoSQL)

2️⃣6️⃣ Difference between SQL & NoSQL?

2️⃣7️⃣ What is ACID?

2️⃣8️⃣ What is normalization?

2️⃣9️⃣ What are indexes? Pros/cons?

3️⃣0️⃣ Primary key vs unique key?

3️⃣1️⃣ What is sharding?

3️⃣2️⃣ What is replication?

3️⃣3️⃣ What is partitioning?

3️⃣4️⃣ What is CAP theorem?

3️⃣5️⃣ What is eventual consistency?

3️⃣6️⃣ SQL joins — types?

3️⃣7️⃣ What is query optimization?

3️⃣8️⃣ When to use NoSQL?

3️⃣9️⃣ What is Redis used for?

4️⃣0️⃣ What is a time-series database?

☁ Section 4 — Caching & Performance

4️⃣1️⃣ What is caching? Why needed?

4️⃣2️⃣ Types of caching?

4️⃣3️⃣ What is CDN?

4️⃣4️⃣ Redis vs Memcached?

4️⃣5️⃣ Cache eviction policies?

4️⃣6️⃣ Write-through vs write-back cache?

4️⃣7️⃣ Hotspot key problem?

4️⃣8️⃣ Cache invalidation strategies?

4️⃣9️⃣ Performance tuning techniques?

5️⃣0️⃣ Lazy loading vs eager loading?

📦 Section 5 — Distributed Systems

5️⃣1️⃣ What is a distributed system?

5️⃣2️⃣ Monolithic vs Microservices?

5️⃣3️⃣ Benefits of microservices?

5️⃣4️⃣ What is service discovery?

5️⃣5️⃣ Why use message queues?

5️⃣6️⃣ Kafka vs RabbitMQ (high-level)?

5️⃣7️⃣ What is backpressure?

5️⃣8️⃣ Eventual consistency (again in distributed systems)?

5️⃣9️⃣ What is leader election?

6️⃣0️⃣ Heartbeat mechanism?

6️⃣1️⃣ What is circuit breaker pattern?

6️⃣2️⃣ Saga pattern?

6️⃣3️⃣ Retry vs dead-letter queues?

6️⃣4️⃣ Bulkhead pattern?

6️⃣5️⃣ Idempotency in distributed systems?

🧠 Section 6 — System Design Scenarios

6️⃣6️⃣ Design a URL shortener (high-level points)

6️⃣7️⃣ Design YouTube (video platform)

6️⃣8️⃣ Design WhatsApp messaging

6️⃣9️⃣ Design e-commerce

7️⃣0️⃣ Design Uber (ride-hailing)

7️⃣1️⃣ Design Instagram feed

7️⃣2️⃣ Design payment gateway

7️⃣3️⃣ Design logging system