skills:interview

Differences

This shows you the differences between two versions of the page.

skills:interview [2026/06/11 00:05] phong2018
skills:interview [2026/06/15 10:07] (current) – [Transactions] phong2018
Line 1: Line 1:
-====== Senior PHP/Laravel Backend Interview Questions ======+====== Senior PHP (Laravel/Symfony) & Golang Backend Interview Questions ======
  
-===== PHP / Laravel / Symfony ===== +===== PHP Fundamentals =====
- +
-==== PHP Fundamentals ====+
  
 1. What are PSR standards and why do they matter? 1. What are PSR standards and why do they matter?
  
-2. What new PHP features have you used in PHP 8.x?+2. What new features in PHP 8.x have you used?
  
 3. How does Composer autoloading work? 3. How does Composer autoloading work?
Line 13: Line 11:
 4. What is the difference between interface, abstract class, and trait? 4. What is the difference between interface, abstract class, and trait?
  
-5. What are attributes in PHP and when would you use them?+5. What are PHP attributes and when would you use them?
  
 6. How does PHP-FPM work? 6. How does PHP-FPM work?
Line 19: Line 17:
 7. How does OPCache improve performance? 7. How does OPCache improve performance?
  
-8. What are common memory issues in PHP applications?+8. Explain the lifecycle of an HTTP request in PHP.
  
-==== Laravel & Symfony ====+9. How does memory management work in PHP?
  
-9How does Laravel's service container work?+10Can PHP handle concurrency? What approaches can be used?
  
-10What are Laravel service providers?+11How would you implement concurrent API calls in PHP?
  
-11How does dependency injection work in Laravel?+12What are Fibers in PHP?
  
-12How do you handle long-running tasks in Laravel?+13What is Swoole/RoadRunner and how do they differ from PHP-FPM?
  
-13How does Laravel Queue work?+14What do the three numbers in Semantic Versioning (MAJOR.MINOR.PATCH) mean?
  
-14. Explain Laravel Events and Listeners.+===== Laravel & Symfony =====
  
-15Explain Laravel Middleware.+1How does Laravel's service container work?
  
-16How does Eloquent ORM work internally?+2What are Laravel service providers?
  
-17What are the advantages and disadvantages of Eloquent vs Query Builder?+3. Explain Dependency Injection in Laravel.
  
-18. Explain Symfony's Dependency Injection component.+4How do Laravel middleware work?
  
-19What is the Symfony Event Dispatcher?+5How do Laravel events and listeners work?
  
-20Which Laravel version are you currently using? Which Symfony version are you currently using?+6How do Laravel queues work?
  
-==== REST API Design ====+7. How do you handle long-running tasks in Laravel?
  
-21What are the common HTTP methods used in REST APIs and what do they mean?+8How does Eloquent ORM work internally?
  
-22. What is the difference between HTTP 401 and HTTP 403?+9. What are the advantages and disadvantages of Eloquent vs Query Builder?
  
-23What are some other important HTTP status codes?+10. Explain Symfony Dependency Injection.
  
-24How do you version APIs?+11. Explain Symfony Event Dispatcher.
  
-25How do you handle pagination?+12. Explain Symfony Messenger.
  
-26How do you design APIs for web, mobile, and third-party consumers?+13Which Laravel and Symfony versions are you currently using?
  
-27. What are idempotent APIs?+===== Golang =====
  
-28. How do you design scalable RESTful API?+1. Explain the lifecycle of an HTTP request in Go. 
 + 
 +Go's HTTP server accepts a connection, creates goroutines to handle requests, executes middleware and handlers, writes the response, and then either reuses or closes the connection. 
 + 
 +2. What is a goroutine? 
 + 
 +A goroutine is a lightweight thread managed by the Go runtime that enables concurrent execution. 
 + 
 +3. Goroutine vs Thread? 
 + 
 +Goroutines are much lighter than OS threads and are multiplexed onto threads by Go's scheduler. 
 + 
 +4. What is a channel? 
 + 
 +Channels allow goroutines to safely communicate and synchronize without shared memory. 
 + 
 +5. Buffered vs Unbuffered channels? 
 + 
 +Unbuffered channels synchronize sender and receiver immediately, while buffered channels allow limited asynchronous communication. 
 + 
 +6. What is a select statement? 
 + 
 +Select allows a goroutine to wait on multiple channel operations and execute whichever becomes ready first. 
 + 
 +7. What are common goroutine leaks and how do you prevent them? 
 + 
 +Goroutine leaks occur when goroutines wait forever. I prevent them using context cancellation, proper channel management, timeouts, and cleanup logic. 
 + 
 +8. What is context.Context and why is it important? 
 + 
 +Context enables cancellation, deadlines, and request-scoped metadata across API calls and goroutines. 
 + 
 +9. How does cancellation propagate through contexts? 
 + 
 +Contexts form a tree. When a parent context is cancelled, all derived child contexts are automatically cancelled. 
 + 
 +10. What is an interface in Go? 
 + 
 +An interface specifies a set of methods that a type must implement. 
 + 
 +11. What is interface segregation in Go? 
 + 
 +Go encourages small interfaces that represent a single responsibility rather than large general-purpose interfaces. 
 + 
 +12. What are type assertions and type switches? 
 + 
 +Type assertions extract a concrete type from an interface, while type switches handle multiple possible types safely. 
 + 
 +13. How does dependency injection work in Go? 
 + 
 +Dependency injection in Go is typically done through constructors and interfaces rather than frameworks. 
 + 
 +14. How does Go's scheduler work? 
 + 
 +Go's scheduler maps many goroutines onto a smaller number of OS threads using an M:N scheduling model. 
 + 
 +15. Explain GOMAXPROCS. 
 + 
 +GOMAXPROCS defines the number of OS threads that can execute Go code concurrently. 
 + 
 +16. How does garbage collection work in Go? 
 + 
 +Go uses a concurrent mark-and-sweep garbage collector designed to minimize pause times while reclaiming unused memory. 
 + 
 +17. How do you gracefully shut down Go service? 
 + 
 +Graceful shutdown stops new traffic, allows in-flight requests to complete, cleans up resources, and then terminates the service. 
 + 
 +18. How do you handle SIGTERM and SIGINT? 
 + 
 +I listen for SIGTERM and SIGINT, trigger graceful shutdown, wait for cleanup, and then exit safely. 
 + 
 +19. During server shutdown, how do you finish remaining requests safely? 
 + 
 +During shutdown I stop accepting new requests and allow existing requests to complete within a configurable timeout. 
 + 
 +20. What are worker pools and when would you use them? 
 + 
 +A worker pool limits the number of concurrent goroutines processing jobs. It is useful for CPU-intensive tasks, background jobs, and protecting external systems from overload. 
 + 
 +===== Authentication & Authorization ===== 
 + 
 +1. Session vs JWT vs OAuth2? 
 + 
 +2. How does Session Authentication work internally? 
 + 
 +3. How does JWT Authentication work internally and how do Secret Keys and Public/Private Keys help secure JWTs? 
 + 
 +4. What are the three parts of a JWT? 
 + 
 +5. Access Token vs Refresh Token? 
 + 
 +6. How does OAuth2 work? 
 + 
 +7. Explain Authorization Code Flow. 
 + 
 +8. Explain Client Credentials Flow. 
 + 
 +9. Explain PKCE. 
 + 
 +10. What is OpenID Connect (OIDC)? 
 + 
 +11. What is RBAC? 
 + 
 +12. What is ABAC? 
 + 
 +13. How would you implement authorization in Laravel? 
 + 
 +14. How would you implement authorization in Go? 
 + 
 +15. When should you choose Session over JWT? 
 + 
 +16. When should you choose OAuth2 over JWT? 
 + 
 +===== Security ===== 
 + 
 +1. What is CORS and why do browsers need it? 
 + 
 +2. Simple Request vs Preflight Request? 
 + 
 +3. Important CORS headers? 
 + 
 +4. Why can't wildcard origins be used with credentials? 
 + 
 +5. How do cookies work? 
 + 
 +6. What is HttpOnly? 
 + 
 +7. What is Secure Cookie? 
 + 
 +8. What is SameSite? 
 + 
 +9. SameSite=Strict vs Lax vs None? 
 + 
 +10. What is CSRF? 
 + 
 +11. How does Laravel protect against CSRF? 
 + 
 +12. What is XSS? 
 + 
 +13. Stored vs Reflected vs DOM XSS? 
 + 
 +14. What is SQL Injection? 
 + 
 +15. What is SSRF? 
 + 
 +16. What is Clickjacking? 
 + 
 +17. What is Rate Limiting? 
 + 
 +18. What are OWASP Top 10 risks? 
 + 
 +19. How do you secure REST APIs? 
 + 
 +20. How do you secure file uploads?
  
 ===== Database ===== ===== Database =====
  
-==== Database Fundamentals ====+==== Fundamentals ====
  
-1. What are database indexes and what are their trade-offs?+1. What are indexes and their trade-offs?
  
-2. What is a clustered index?+2. Clustered vs Non-Clustered Index?
  
-3. What is a covering index?+3. Covering Index?
  
-4. What is the difference between B-Tree and Hash indexes?+4. B-Tree vs Hash Index?
  
-5. What is normalization and denormalization?+5. PostgreSQL vs MySQL?
  
-6. When would you choose PostgreSQL over MySQL?+6. When would you choose PostgreSQL?
  
-7. What are the advantages of PostgreSQL JSONB?+7. What is JSONB
 + 
 +8. Normalization vs Denormalization?
  
 ==== Query Optimization ==== ==== Query Optimization ====
  
-8. How do you optimize a slow MySQL query?+9. How do you optimize a slow query?
  
-9What is the N+1 query problem and how do you fix it?+10How do you use EXPLAIN?
  
-10How do you analyze a query using EXPLAIN?+11What is the N+1 problem?
  
-11. How do you identify database bottlenecks?+12. How do you optimize queries on tables with billions of rows?
  
-12How would you optimize a query serving millions of rows?+13What database metrics do you monitor?
  
-13. What causes table locking issues?+==== Transactions ====
  
-14. How do you optimize bulk inserts and updates?+14. What are ACID properties?
  
-==== Transactions & Consistency ====+15. Explain Isolation Levels.
  
-15What are ACID properties?+16Read Committed vs Repeatable Read vs Serializable?
  
-16What are database isolation levels?+17Optimistic vs Pessimistic Locking?
  
-17. What is the difference between pessimistic and optimistic locking?+18. What are deadlocks? 
 +<code> 
 +- Deadlock: A situation where two or more transactions hold locks and wait for each other indefinitely. 
 +- How it occurs: Transactions access the same resources in different orders. Long-running transactions hold locks too long. Missing indexes cause unnecessary locking
 +- How to detect it: The database detects deadlocks automatically. MySQL returns: ERROR 1213: Deadlock found when trying to get lock. Investigate with SHOW ENGINE INNODB STATUS. 
 +- How to prevent it: Keep transactions short. Always access tables/rows in a consistent order. Add proper indexes. Avoid large batch operations in a single transaction. 
 +- How to recover: The database rolls back one transaction automatically. Catch the error in the application and retry the transaction with backoff. 
 +</code> 
 +==== Large Scale Databases ====
  
-18What are deadlocks and how do you resolve them?+19How would you add a new column to a table with billions of rows?
  
-19What is eventual consistency and when is it acceptable?+For a table with billions of rows, I would avoid a direct NOT NULL column addition because it may trigger a table rewrite or long lockI would use an Expand → Backfill → Contract strategy: add the column as nullable, deploy code that writes the new column, backfill existing rows in small batches, verify completion, and finally enforce constraints. For MySQL, I would also evaluate online schema migration tools such as gh-ost or pt-online-schema-change to minimize downtime.
  
-20. How would you design a highly concurrent booking system?+20. What migration risks should be considered?
  
-===== Security =====+Before running a migration on a table with billions of rows, I would assess locking behavior, replication impact, rollback strategy, disk usage, application compatibility, and database load. For schema changes, I typically use the Expand → Backfill → Contract pattern and batch updates to achieve zero or near-zero downtime. I would also monitor replication lag, query latency, error rates, and storage utilization throughout the migration.
  
-==== Authentication & Authorization ====+21. How would you backfill data safely?
  
-1What are the three parts of a JWT? What is the purpose of each part?+I backfill data in small batches, avoid long transactions, monitor database load, and verify correctness before enabling new constraints.
  
-2What is the difference between an Access Token and a Refresh Token?+22How do online schema migrations work?
  
-3OAuth2 vs JWT: what is the difference?+Online schema migration creates a shadow table, copies data incrementally while syncing live changes, and then performs a quick cutover to minimize downtime.
  
-4What is RBAC (Role-Based Access Control)?+23How do you avoid downtime during migrations?
  
-5How would you implement authorization in Laravel?+I avoid downtime using backward-compatible schema changes, phased deployments, batch backfills, and the Expand-Migrate-Contract pattern.
  
-6What is the principle of least privilege?+24How would you design monthly/yearly statistics tables?
  
-==== Web Security ====+I would keep raw transactional data separate from reporting tables and maintain monthly/yearly aggregate tables that are updated incrementally. Reports read from aggregates instead of scanning the full dataset.
  
-7What is CORS and why do browsers need it?+25How would you generate reports with billions of rows?
  
-8. What is the difference between simple request and a preflight request?+For billions of rows, I would move reporting workloads to data warehouse and use pre-aggregation instead of scanning the transactional database.
  
-9What are the important CORS response headers?+26Realtime reporting vs batch reporting?
  
-10Why can't Access-Control-Allow-Origin: * be used with credentials?+Use realtime when business decisions depend on current data. Use batch when slight delays are acceptable and cost efficiency is important.
  
-11How do you configure CORS in Laravel?+27When should you use materialized views?
  
-12How do you configure CORS in Symfony?+I use materialized views for expensive aggregations that are read frequently but don't require perfectly realtime data.
  
-13Does CORS prevent attacks? How does CORS relate to security?+28. How would you implement pre-aggregation?
  
-14. What is CSRF and how does Laravel protect against it?+I would maintain summary tables and incrementally update them rather than repeatedly aggregating billions of rows.
  
-15What is XSS and how can it be prevented?+29How would you partition very large tables?
  
-16. What is SQL Injection and how can it be prevented?+For large datasets I usually partition by date because most queries filter by time ranges and old data can be archived easily.
  
-17What is SSRF?+30Sharding vs Partitioning?
  
-18What is rate limiting and how would you implement it?+Partitioning splits data within a database for performance, while sharding distributes data across multiple databases to achieve horizontal scalabilityPartitioning is usually tried before sharding because it is much simpler to operate.
  
-19. What security risks exist in file uploads?+Example 
 +<code> 
 +Partitioning: 
 +DB1 
 + ├─ orders_2025 
 + ├─ orders_2026 
 + └─ orders_2027
  
-20. What are the OWASP Top 10 risks?+Sharding: 
 +DB1 → Users A-F 
 +DB2 → Users G-M 
 +DB3 → Users N-Z 
 +</code> 
 +===== REST API =====
  
-===== Architecture & Design Patterns =====+1. HTTP methods and their meanings?
  
-==== SOLID & Clean Code ====+2. What makes an API RESTful?
  
-1. Explain the five SOLID principles.+3HTTP 401 vs 403?
  
-2Can you give an example of violating the Dependency Inversion Principle and how to fix it?+4Important HTTP status codes?
  
-3What is Clean Architecture?+5Idempotent APIs?
  
-4What is Hexagonal Architecture?+6API versioning strategies?
  
-5What is Domain-Driven Design (DDD)?+7Pagination strategies?
  
-6What coding practices help maintain large codebases?+8Cursor vs Offset Pagination?
  
-==== Design Patterns ====+9. Rate limiting strategies?
  
-7Which creational design patterns have you used in PHP/Laravel projects?+10API gateway responsibilities?
  
-8. Which structural design patterns have you used in PHP/Laravel projects?+===== Architecture & Scalability =====
  
-9Which behavioral design patterns have you used in PHP/Laravel projects?+1. Explain the SOLID principles.
  
-10What design patterns do you use most frequently in PHP projects?+2. Explain Dependency Inversion with examples.
  
-11When would you use Strategy Pattern?+3What design patterns do you use most?
  
-12When would you use Factory Pattern?+4. Factory Pattern?
  
-13When would you use Repository Pattern?+5Strategy Pattern?
  
-14What are the drawbacks of Repository Pattern?+6. Repository Pattern?
  
-==== Scalability ====+7. Observer Pattern?
  
-15How do you approach breaking a monolithic application into services?+8Event-Driven Architecture?
  
-16How would you design a system serving millions of requests per day?+9CQRS?
  
-17What scalability challenges would you expect in a multi-tenant SaaS platform?+10Domain-Driven Design?
  
-18How would you implement caching?+11Clean Architecture?
  
-19Redis: when would you use it?+12Hexagonal Architecture?
  
-20What are cache invalidation strategies?+13Monolith vs Microservices?
  
-===== Messaging, Queue & Event-Driven Systems =====+14. How would you break a monolith into services?
  
-1How does Laravel Queue work?+15Eventual Consistency?
  
-2Why use a queue instead of synchronous processing?+16Distributed Transactions?
  
-3What queue backends have you used?+17Saga Pattern?
  
-4What is the difference between job and an event?+18How would you design scalable REST API?
  
-5What is the difference between message queue and an event stream?+19How would you design booking system?
  
-6When would you use Kafka?+20How would you design a POS system?
  
-7. When would you use RabbitMQ?+===== Queue, Messaging & Streaming =====
  
-8How do you handle retries and dead-letter queues?+1Why use queues?
  
-9. How do you ensure idempotency in asynchronous systems?+2. How do Laravel queues work? 
 + 
 +3. SQS vs RabbitMQ vs Kafka? 
 + 
 +4. Message Queue vs Event Stream? 
 + 
 +5. At-least-once vs Exactly-once delivery? 
 + 
 +6. Dead Letter Queues? 
 + 
 +7. Retry strategies? 
 + 
 +8. Idempotent consumers? 
 + 
 +9. Event sourcing? 
 + 
 +10. How would you process millions of jobs per day?
  
 ===== Testing ===== ===== Testing =====
  
-1. What is the difference between unit, integration, and functional tests?+1. Unit vs Integration vs Functional Tests?
  
-2. What is the difference between a Mock, a Stub, and a Fake?+2. Mock vs Stub vs Fake?
  
-3. How do you test code that depends on external APIs?+3. Testing external APIs?
  
-4. What code coverage percentage do you target and why?+4. Contract Testing?
  
-5. How do you test Laravel jobs and queues?+5. What should be mocked?
  
-6. How do you test event-driven systems?+6. Testing asynchronous jobs?
  
-7. What is contract testing?+7. Testing event-driven systems?
  
-8. What should and should not be mocked?+8. Code coverage targets?
  
-===== DevOps & AWS =====+===== DevOps & Cloud =====
  
-==== CI/CD ====+1. Ideal CI/CD pipeline?
  
-1. Describe your ideal CI/CD pipeline for a PHP project.+2Blue-Green vs Canary Deployment?
  
-2What is the difference between blue-green deployment and canary deployment?+3Secrets management?
  
-3How do you manage environment-specific configuration securely?+4Docker vs Kubernetes?
  
-4How do you handle database migrations in production?+5ECS vs EKS?
  
-5. How do you roll back failed deployment?+6. How would you deploy PHP application?
  
-==== AWS ====+7. How would you deploy a Go service?
  
-6Which AWS services are commonly used in a PHP backend architecture?+8. AWS services commonly used in backend systems?
  
-7When would you use ECS vs EKS?+9CloudFront?
  
-8How do you store secrets securely in AWS?+10SQS?
  
-9What is CloudFront?+11EventBridge?
  
-10What is SQS?+12RDS Proxy?
  
-11What is EventBridge?+13Auto Scaling?
  
-12What is RDS Proxy?+14Observability strategies?
  
-13. How would you build a highly available architecture on AWS?+===== Leadership =====
  
-===== Packages & Ecosystem =====+1. Effective code reviews?
  
-1How does Composer resolve dependencies?+2Enforcing coding standards?
  
-2What is semantic versioning?+3Mentoring junior developers?
  
-3How do you evaluate whether a package is safe to use?+4Handling repeated mistakes?
  
-4How do you handle package vulnerabilities?+5Communicating with non-technical stakeholders?
  
-5What Laravel packages do you use most often?+6Handling technical disagreements?
  
-6How do you create your own Composer package?+7Leading architecture discussions?
  
-7How do you version and maintain internal packages?+8Managing production incidents?
  
-8. What are the risks of overusing third-party packages?+===== Bonus =====
  
-9How would you share code between multiple PHP services?+1GraphQL vs REST?
  
-===== Leadership & Mentorship =====+2. gRPC vs REST?
  
-1How do you conduct effective code reviews?+3OpenTelemetry?
  
-2How do you enforce coding standards across a team?+4Distributed Tracing?
  
-3How do you handle a junior developer who keeps repeating the same mistakes?+5CAP Theorem?
  
-4How do you communicate a technical decision to a non-technical stakeholder?+6Consistent Hashing?
  
-5How do you mentor developers?+7What backend technology trends are you currently following?
  
-6. How do you resolve technical disagreements within a team?+   
 +====== System Design Interview Questions ======
  
-===== Agile & Incident Management =====+===== Interview Framework =====
  
-1. How do you estimate tasks during sprint planning?+Always follow this order:
  
-2. How do you handle critical production incidents?+  - Clarify requirements 
 +  - Estimate scale 
 +  - Define APIs 
 +  - Design data model 
 +  - Draw high-level architecture 
 +  - Explain data flow 
 +  - Identify bottlenecks 
 +  - Discuss scaling 
 +  - Discuss trade-offs 
 +  - Explain failure handling
  
-3. What is your incident response process?+===== Questions =====
  
-4. How do you perform root cause analysis?+==== Beginner to Intermediate ====
  
-5. What metrics do you track for engineering teams?+  - Design a URL shortener 
 +  - Design a file storage service 
 +  - Design a chat application 
 +  - Design a notification system 
 +  - Design a rate limiter 
 +  - Design a distributed cache 
 +  - Design a search autocomplete service 
 +  - Design an API gateway 
 +  - Design a job queue system 
 +  - Design a payment processing system
  
-===== Bonus =====+==== Intermediate to Advanced ====
  
-1. What is GraphQL and when would you use it instead of REST?+  - Design a ride-sharing platform 
 +  - Design a food delivery system 
 +  - Design a social media news feed 
 +  - Design a video streaming platform 
 +  - Design an e-commerce platform 
 +  - Design a real-time collaboration tool 
 +  - Design a monitoring and logging platform 
 +  - Design a recommendation engine 
 +  - Design a distributed lock service 
 +  - Design a multi-tenant SaaS platform
  
-2. What is gRPC and when would you use it?+==== Senior Backend Engineer Topics ====
  
-3. REST vs GraphQL vs gRPC?+  - Design an order management system 
 +  - Design an inventory system that prevents overselling 
 +  - Design a coupon and promotion engine 
 +  - Design a loyalty points system 
 +  - Design an invoice generation system 
 +  - Design a webhook processing platform 
 +  - Design an OAuth2 / SSO authentication system 
 +  - Design an event-driven microservices architecture 
 +  - Design a distributed scheduler service 
 +  - Design a monolith-to-microservices migration strategy
  
-4. What is OpenTelemetry?+===== Drawing Template =====
  
-5. What are the key observability pillars?+For every question, draw the following components: 
 + 
 +<code> 
 +Users / Mobile App / Web Browser 
 +                | 
 +                v 
 +        CDN / Load Balancer 
 +                | 
 +                v 
 +            API Gateway 
 +                | 
 +                v 
 +         Application Services 
 +          /        |        \ 
 +         /                 \ 
 +        v          v          v 
 +     Cache      Database    Queue 
 +      |                      | 
 +      |                      | 
 +      v                      v 
 +    Redis      MySQL/NoSQL   Workers 
 + 
 +                | 
 +                v 
 +      Monitoring / Logging 
 +</code> 
 + 
 +===== What Interviewers Expect ===== 
 + 
 +For each component, explain: 
 + 
 +  * Why it exists 
 +  * How it scales 
 +  * Single points of failure 
 +  * Data consistency requirements 
 +  * Availability requirements 
 +  * Security considerations 
 +  * Monitoring and alerting 
 + 
 +===== Non-Functional Requirements Checklist ===== 
 + 
 +  * Availability (99.9%, 99.99%, etc.) 
 +  * Scalability 
 +  * Reliability 
 +  * Latency 
 +  * Throughput 
 +  * Durability 
 +  * Consistency 
 +  * Security 
 +  * Cost 
 + 
 +===== Estimation Checklist ===== 
 + 
 +Estimate before designing: 
 + 
 +  * Daily active users 
 +  * Requests per second (RPS) 
 +  * Peak traffic 
 +  * Storage requirements 
 +  * Read/write ratio 
 +  * Bandwidth requirements 
 + 
 +===== Deep Dive Topics ===== 
 + 
 +Discuss when prompted: 
 + 
 +  * Database sharding 
 +  * Caching strategy 
 +  * Queue design 
 +  * Event-driven architecture 
 +  * Replication 
 +  * Multi-region deployment 
 +  * Disaster recovery 
 +  * Rate limiting 
 +  * Idempotency 
 +  * Distributed locking 
 +  * CAP theorem 
 +  * Eventual consistency 
 + 
 +===== Common Trade-offs ===== 
 + 
 +^ Choice ^ Pros ^ Cons ^ 
 +| SQL | Strong consistency | Harder to scale horizontally | 
 +| NoSQL | High scalability | Eventual consistency | 
 +| Sync communication | Simple | Tight coupling | 
 +| Async communication | Resilient | Increased complexity | 
 +| Cache aside | Simple | Stale data risk | 
 +| Write through cache | Consistent cache | Higher write latency | 
 + 
 +===== Example: URL Shortener ===== 
 + 
 +==== Requirements ==== 
 + 
 +  * Shorten long URLs 
 +  * Redirect users quickly 
 +  * High read traffic 
 +  * Custom aliases (optional) 
 +  * Analytics (optional) 
 + 
 +==== APIs ==== 
 + 
 +<code> 
 +POST /api/v1/shorten 
 + 
 +Request: 
 +
 +  "url": "https://example.com/very/long/url" 
 +
 + 
 +Response: 
 +
 +  "shortUrl": "https://short.ly/abc123" 
 +
 +</code> 
 + 
 +<code> 
 +GET /abc123 
 +</code> 
 + 
 +==== High-Level Design ==== 
 + 
 +<code> 
 +Client 
 +  | 
 +  v 
 +Load Balancer 
 +  | 
 +  v 
 +URL Service 
 +  |       \ 
 +  |        \ 
 +  v         v 
 +Redis     MySQL 
 +</code> 
 + 
 +==== Data Model ==== 
 + 
 +<code> 
 +urls 
 +---- 
 +id 
 +short_code 
 +long_url 
 +created_at 
 +expires_at 
 +</code> 
 + 
 +==== Scaling ==== 
 + 
 +  * Cache popular URLs in Redis 
 +  * Read replicas for MySQL 
 +  * Shard by short_code 
 +  * CDN for global traffic 
 + 
 +==== Failure Handling ==== 
 + 
 +  * Retry failed writes 
 +  * Circuit breaker for dependencies 
 +  * Database replication 
 +  * Multi-region backup 
 + 
 +===== Whiteboard Tips ===== 
 + 
 +  * Start simple 
 +  * Draw before explaining 
 +  * Label every component 
 +  * State assumptions clearly 
 +  * Ask clarifying questions 
 +  * Explain trade-offs 
 +  * Think out loud 
 +  * Optimize only after the basic design works 
 + 
 +===== Golden Rule ===== 
 + 
 +Do not jump directly into technology choices. 
 + 
 +Always follow: 
 + 
 +Requirements -> Scale -> APIs -> Data Model -> Architecture -> Bottlenecks -> Trade-offs 
 + 
 + 
 + 
 +====== More detail versions ====== 
 +====== Senior PHP (Laravel/Symfony) & Golang Backend Interview Questions ====== 
 + 
 +===== PHP Fundamentals ===== 
 + 
 +  1. What are PSR standards (PSR-1, PSR-12, PSR-4) and why do they matter for team consistency? 
 +  2. What new features in PHP 8.x (attributes, enums, fibers, named arguments, match expression, nullsafe operator) have you used in production? 
 +  3. How does Composer autoloading work, and what is the difference between PSR-4, PSR-0, classmap, and files autoloading? 
 +  4. What is the difference between interface, abstract class, and trait — and when should you choose each? 
 +  5. What are PHP attributes (#[Attribute]) and when would you use them instead of docblock annotations? 
 +  6. How does PHP-FPM work, and how does it manage worker processes to handle concurrent requests? 
 +  7. How does OPCache improve performance, and what happens when a file changes after it has been cached? 
 +  8. Explain the lifecycle of an HTTP request in PHP from the moment it hits the server to the response being sent back. 
 +  9. How does memory management work in PHP — how is memory allocated per request and what causes memory leaks? 
 +  10. Can PHP handle concurrency, and what approaches can be used (async, parallel, process-based)? 
 +  11. How would you implement concurrent API calls in PHP (e.g. calling three external APIs in parallel)? 
 +  12. What are Fibers in PHP 8.1 and how do they differ from goroutines or threads? 
 +  13. What is Swoole or RoadRunner and how do they differ from the traditional PHP-FPM request model? 
 +  14. What do the three numbers in Semantic Versioning (MAJOR.MINOR.PATCH) mean, and when should each be incremented? 
 +   
 +   
 +===== Laravel & Symfony ===== 
 + 
 +  1. How does Laravel's service container work — what is IoC, how does auto-wiring use Reflection, and when would you use bind() vs singleton()? 
 +  2. What are Laravel service providers, what is the difference between register() and boot(), and when would you create a custom one? 
 +  3. Explain Dependency Injection in Laravel — how does the container resolve constructor dependencies automatically? 
 +  4. How do Laravel middleware work — how are they registered, in what order do they run, and how do you pass parameters to them? 
 +  5. How do Laravel events and listeners work — when would you use them over direct method calls, and how do you make listeners queued? 
 +  6. How do Laravel queues work — what is a job, how do workers consume jobs, and how do you handle failed jobs? 
 +  7. How do you handle long-running tasks in Laravel so they do not block the HTTP response? 
 +  8. How does Eloquent ORM work internally — how does it map database rows to model instances and handle relationships? 
 +  9. What are the advantages and disadvantages of Eloquent ORM vs Query Builder, and when would you choose one over the other? 
 +  10. Explain Symfony's Dependency Injection component — what is a compiler pass, what are tagged services, and how does it differ from Laravel's container? 
 +  11. Explain Symfony's Event Dispatcher — how does it compare to Laravel events, and when would you use it? 
 +  12. Explain Symfony Messenger — how does it handle message routing, transport, retry, and failure queues? 
 +  13. Which Laravel and Symfony versions are you currently using, and are you aware of the major differences between recent releases? 
 + 
 +===== Golang ===== 
 + 
 +  1. Explain the lifecycle of an HTTP request in Go from net/http receiving a connection to the handler returning a response. 
 +  2. What is a goroutine — how is it different from an OS thread, and how does Go schedule them? 
 +  3. What is the difference between a goroutine and a thread in terms of memory footprint, scheduling, and creation cost? 
 +  4. What is a channel in Go — how does it enable safe communication between goroutines? 
 +  5. What is the difference between a buffered and an unbuffered channel, and when would you use each? 
 +  6. What is a select statement in Go and how does it handle multiple channel operations simultaneously? 
 +  7. What are common goroutine leaks, what causes them, and how do you detect and prevent them? 
 +  8. What is context.Context and why is it important for cancellation, timeouts, and request-scoped values? 
 +  9. How does cancellation propagate through a context tree — what happens when a parent context is cancelled? 
 +  10. What is an interface in Go — how does implicit interface satisfaction differ from Java-style explicit implementation? 
 +  11. What is interface segregation in Go and how does keeping interfaces small improve testability? 
 +  12. What are type assertions and type switches, and when would you use them safely? 
 +  13. How does dependency injection work in Go — since there is no IoC container, what patterns or tools (Wire, Fx) do you use? 
 +  14. How does Go's runtime scheduler (M:N scheduler) work — what are M, P, and G? 
 +  15. What is GOMAXPROCS and how does it affect parallelism at runtime? 
 +  16. How does Go's garbage collector work, and how do you reduce GC pressure in high-throughput services? 
 +  17. How do you gracefully shut down a Go HTTP service without dropping in-flight requests? 
 +  18. How do you handle SIGTERM and SIGINT signals in a Go service? 
 +  19. During server shutdown, how do you ensure remaining in-flight requests are finished before the process exits? 
 +  20. What are worker pools in Go, when would you use them, and how do you implement one with goroutines and channels? 
 + 
 +===== Authentication & Authorization ===== 
 + 
 +  1. What are the key differences between Session, JWT, and OAuth2 — and when should you choose each? 
 +  2. How does session-based authentication work internally — where is session data stored and how is it tied to a cookie? 
 +  3. How does JWT authentication work internally — what role do HMAC secret keys and RSA public/private keys play in verification? 
 +  4. What are the three parts of a JWT (header, payload, signature) and what does each contain? 
 +  5. What is the difference between an access token and a refresh token in terms of lifetime, storage, and usage? 
 +  6. How does OAuth2 work — what are the roles (resource owner, client, authorization server, resource server)? 
 +  7. Explain the Authorization Code Flow — why is it more secure than the Implicit Flow? 
 +  8. Explain the Client Credentials Flow — when is it used and what kind of client uses it? 
 +  9. What is PKCE (Proof Key for Code Exchange) and why is it required for public clients? 
 +  10. What is OpenID Connect (OIDC) — how does it extend OAuth2 to provide identity information? 
 +  11. What is RBAC (Role-Based Access Control) and how would you model it in a database? 
 +  12. What is ABAC (Attribute-Based Access Control) and when is it more appropriate than RBAC? 
 +  13. How would you implement authorization (roles, permissions, policies) in a Laravel application? 
 +  14. How would you implement authorization in a Go service — using middleware, policy objects, or a library like Casbin? 
 +  15. When should you choose session-based auth over JWT, considering statefulness, scalability, and revocation needs? 
 +  16. When should you choose OAuth2 over simple JWT — what does OAuth2 add that plain JWT does not provide? 
 + 
 +===== Security ===== 
 + 
 +  1. What is CORS and why do browsers enforce it — what problem does the Same-Origin Policy solve? 
 +  2. What is the difference between a simple CORS request and a preflight (OPTIONS) request — what triggers a preflight? 
 +  3. What are the important CORS response headers and what does each one control? 
 +  4. Why can you not use a wildcard Access-Control-Allow-Origin: * when the request includes credentials (cookies or Authorization header)? 
 +  5. How do cookies work — how are they set, sent, and scoped by domain and path? 
 +  6. What is the HttpOnly cookie flag and what attack does it mitigate? 
 +  7. What is the Secure cookie flag and when is it required? 
 +  8. What is the SameSite cookie attribute and why was it introduced? 
 +  9. What is the difference between SameSite=Strict, SameSite=Lax, and SameSite=None, and when would you use each? 
 +  10. What is CSRF (Cross-Site Request Forgery) — how does an attacker exploit it and what is the impact? 
 +  11. How does Laravel protect against CSRF attacks — how does the CSRF token mechanism work under the hood? 
 +  12. What is XSS (Cross-Site Scripting) — how does an attacker inject and execute malicious scripts? 
 +  13. What is the difference between Stored XSS, Reflected XSS, and DOM-based XSS? 
 +  14. What is SQL Injection — how does parameterized queries or prepared statements prevent it? 
 +  15. What is SSRF (Server-Side Request Forgery) — how can it be exploited and how do you prevent it? 
 +  16. What is Clickjacking — how does it work and how do X-Frame-Options or CSP frame-ancestors mitigate it? 
 +  17. What is rate limiting — what strategies (fixed window, sliding window, token bucket) would you implement for an API? 
 +  18. What are the OWASP Top 10 risks and which ones are most relevant to a PHP/Go backend? 
 +  19. How do you secure REST APIs — authentication, input validation, output encoding, TLS, rate limiting? 
 +  20. How do you secure file uploads — what validations and storage strategies prevent abuse? 
 + 
 +===== Database ===== 
 + 
 +==== Fundamentals ==== 
 + 
 +  1. What are database indexes, how does a B-tree index work, and what are the read/write trade-offs? 
 +  2. What is the difference between a clustered index and a non-clustered index — how does InnoDB use the primary key as a clustered index? 
 +  3. What is a covering index and how does it eliminate the need for a row lookup (table access)? 
 +  4. What is the difference between a B-Tree index and a Hash index — when is each appropriate? 
 +  5. What are the main differences between PostgreSQL and MySQL in terms of features, concurrency model, and use cases? 
 +  6. When would you choose PostgreSQL over MySQL — what specific features make PostgreSQL better for complex workloads? 
 +  7. What is JSONB in PostgreSQL — how does it differ from JSON, and when is it useful? 
 +  8. What is the difference between normalization and denormalization — when is denormalization a justified trade-off? 
 + 
 +==== Query Optimization ==== 
 + 
 +  1. How do you approach optimizing a slow SQL query — what is your step-by-step process? 
 +  2. How do you use EXPLAIN (or EXPLAIN ANALYZE) to read a query execution plan — what columns matter most? 
 +  3. What is the N+1 query problem and how do you fix it with eager loading or JOINs? 
 +  4. How do you optimize queries on tables with billions of rows — indexing strategy, partitioning, archiving? 
 +  5. What database metrics do you monitor (slow query log, index hit rate, connection pool, lock waits) and with what tools? 
 + 
 +==== Transactions ==== 
 + 
 +  1. What are the ACID properties — explain each one and why they matter for data integrity? 
 +  2. What are database isolation levels and what concurrency anomalies does each level prevent? 
 +  3. What is the difference between Read Committed, Repeatable Read, and Serializable isolation levels? 
 +  4. What is the difference between optimistic locking and pessimistic locking — when would you use each? 
 +  5. What are deadlocks — how do they occur and how do you detect, prevent, or recover from them? 
 + 
 +==== Large Scale Databases ==== 
 + 
 +  1. How would you add a new column to a table with billions of rows without causing downtime? 
 +  2. What migration risks should be considered when altering a live, high-traffic table? 
 +  3. How would you backfill data into a new column safely without locking the table or overloading the database? 
 +  4. How do online schema migration tools (gh-ost, pt-online-schema-change) work to avoid table locks? 
 +  5. How do you avoid downtime during database migrations in a zero-downtime deployment? 
 +  6. How would you design a statistics table (monthly/yearly aggregates) to serve dashboard queries efficiently? 
 +  7. How would you generate reports on a table with billions of rows without impacting the live database? 
 +  8. When would you use realtime reporting vs batch reporting — what infrastructure does each approach require? 
 +  9. When should you use materialized views and how do you keep them up to date? 
 +  10. How would you implement pre-aggregation to serve analytics queries at scale? 
 +  11. How would you partition a very large table — range, list, or hash partitioning — and what are the trade-offs? 
 +  12. What is the difference between sharding and partitioning — when does sharding become necessary? 
 + 
 +===== REST API ===== 
 + 
 +  1. What are the HTTP methods (GET, POST, PUT, PATCH, DELETE) — what do idempotent and safe mean in this context? 
 +  2. What makes an API RESTful — what are the key constraints (statelessness, uniform interface, resource-based URLs)? 
 +  3. What is the difference between HTTP 401 Unauthorized and 403 Forbidden — when should you return each? 
 +  4. What are the important HTTP status codes every backend developer should know and when is each appropriate? 
 +  5. What does it mean for an API to be idempotent — why is idempotency important for retries and safe operations? 
 +  6. What API versioning strategies exist (URL path, header, query param) and what are the trade-offs of each? 
 +  7. What pagination strategies are available (offset, cursor, keyset) and what are the trade-offs? 
 +  8. What is the difference between cursor-based pagination and offset-based pagination — why is cursor pagination better for large datasets? 
 +  9. What rate limiting strategies (fixed window, sliding window, token bucket, leaky bucket) would you implement and at what layer? 
 +  10. What are the responsibilities of an API gateway (auth, rate limiting, routing, SSL termination, logging)? 
 + 
 +===== Architecture & Scalability ===== 
 + 
 +  1. Explain the five SOLID principles and give a concrete PHP or Go example for each. 
 +  2. Explain the Dependency Inversion Principle — how does depending on abstractions rather than concretions improve testability? 
 +  3. What design patterns do you use most frequently in backend systems and why? 
 +  4. Explain the Factory pattern — what problem does it solve and how is it different from a simple constructor? 
 +  5. Explain the Strategy pattern — how does it allow swapping algorithms at runtime without modifying the caller? 
 +  6. Explain the Repository pattern — how does it decouple business logic from data access, and what are its drawbacks? 
 +  7. Explain the Observer pattern — how does it enable decoupled side effects and how does it relate to event-driven design? 
 +  8. What is Event-Driven Architecture — how does it differ from request-driven, and when is it the right choice? 
 +  9. What is CQRS (Command Query Responsibility Segregation) — what problem does it solve and what complexity does it add? 
 +  10. What is Domain-Driven Design — what are bounded contexts, aggregates, and domain events, and when is DDD worth the overhead? 
 +  11. What is Clean Architecture — how do the dependency rules between layers prevent framework and infrastructure lock-in? 
 +  12. What is Hexagonal Architecture (Ports and Adapters) — how does it differ from Clean Architecture? 
 +  13. What are the trade-offs between a monolith and microservices — when does a monolith become a problem? 
 +  14. How would you break a monolith into services — what is the strangler fig pattern and how do you avoid a distributed monolith? 
 +  15. What is eventual consistency — when is it acceptable and when do you need strong consistency? 
 +  16. What are distributed transactions — why are they hard and what alternatives exist? 
 +  17. What is the Saga pattern — how do choreography-based and orchestration-based sagas differ? 
 +  18. How would you design a scalable REST API — what decisions affect scalability from day one? 
 +  19. How would you design a booking system — how do you handle availability checks, concurrency, and double-booking prevention? 
 +  20. How would you design a POS (Point of Sale) system that must work reliably offline? 
 + 
 +===== Queue, Messaging & Streaming ===== 
 + 
 +  1. Why use a message queue instead of direct synchronous calls — what problems does async processing solve? 
 +  2. How do Laravel queues work — how are jobs dispatched, stored, consumed by workers, and retried on failure? 
 +  3. What are the main differences between SQS, RabbitMQ, and Kafka in terms of delivery model, persistence, and use cases? 
 +  4. What is the difference between a message queue and an event stream — when would you use Kafka instead of SQS? 
 +  5. What is the difference between at-least-once and exactly-once delivery — what are the implications for consumer design? 
 +  6. What is a Dead Letter Queue (DLQ) and how should you handle messages that land in it? 
 +  7. What are common retry strategies (exponential backoff, jitter) and how do you avoid retry storms? 
 +  8. What does it mean for a consumer to be idempotent — how do you design a consumer that can safely process the same message twice? 
 +  9. What is event sourcing — how does it differ from storing only the current state, and what are the trade-offs? 
 +  10. How would you architect a system that needs to process millions of jobs per day reliably? 
 + 
 +===== Testing ===== 
 + 
 +  1. What is the difference between unit, integration, and functional tests — what does each test in isolation and what is the trade-off? 
 +  2. What is the difference between a mock, a stub, and a fake — when would you use each and how do they differ in behavior? 
 +  3. How do you test code that depends on an external API — what is the VCR pattern and when would you use it? 
 +  4. What is contract testing (e.g. with Pact) — how does it catch breaking API changes between a consumer and a provider? 
 +  5. What should be mocked in a unit test and what should never be mocked — where is the line between isolation and over-mocking? 
 +  6. How do you test an asynchronous job — how do you assert that a job was dispatched and that it produces the correct side effect? 
 +  7. How do you test an event-driven system — how do you verify that publishing an event triggers the correct downstream behavior? 
 +  8. What code coverage percentage do you target and how do you think about line coverage vs branch coverage vs mutation testing? 
 + 
 +===== DevOps & Cloud ===== 
 + 
 +  1. What does your ideal CI/CD pipeline for a PHP or Go project look like — what stages run and in what order? 
 +  2. What is the difference between blue-green deployment and canary deployment — when would you choose each? 
 +  3. How do you manage secrets and environment-specific configuration securely — what tools and practices do you follow? 
 +  4. What is the difference between Docker and Kubernetes — what problem does Kubernetes solve that Docker alone does not? 
 +  5. What is the difference between ECS and EKS on AWS — when would you choose one over the other? 
 +  6. How would you deploy a PHP (Laravel) application to production — what infrastructure, process manager, and deployment strategy? 
 +  7. How would you deploy a Go service to production — what are the considerations for binary deployment vs containerization? 
 +  8. What AWS services are commonly used in a backend system and what role does each play? 
 +  9. How does CloudFront work as a CDN — what can you cache and what are the cache invalidation strategies? 
 +  10. How does Amazon SQS work — what are its delivery guarantees and how do you handle duplicate messages? 
 +  11. What is Amazon EventBridge and when would you use it instead of SQS or SNS? 
 +  12. What is RDS Proxy and why would you use it in front of an RDS database? 
 +  13. How does Auto Scaling work on AWS — what metrics trigger scaling and what are the risks of aggressive scaling policies? 
 +  14. What is your observability strategy — how do you use logs, metrics, and traces together to debug a production issue? 
 + 
 +===== Leadership ===== 
 + 
 +  1. How do you conduct effective code reviews — what do you look for, how do you give feedback, and what is a blocking vs non-blocking comment? 
 +  2. How do you enforce coding standards on a team — what is the balance between automated tooling and human review? 
 +  3. How do you mentor junior developers — what is your approach to pairing, feedback, and growing their ownership? 
 +  4. How do you handle a developer who keeps repeating the same mistakes — how do you give feedback without damaging the relationship? 
 +  5. How do you communicate a complex technical decision to a non-technical stakeholder — what framing and language do you use? 
 +  6. How do you handle a technical disagreement within the team — how do you reach a decision when smart people disagree? 
 +  7. How do you lead an architecture discussion — how do you make sure the right voices are heard and a decision gets made? 
 +  8. How do you manage a critical production incident — what is your process from detection to resolution to post-mortem? 
 + 
 +===== Bonus =====
  
-6How would you monitor production PHP system?+  1What are the key differences between GraphQL and REST — when does GraphQL solve a real problem and when is it overkill? 
 +  2. What is gRPC and how does it differ from REST — when would you choose gRPC for service-to-service communication? 
 +  3. What is OpenTelemetry — how does it standardize instrumentation across logs, metrics, and traces? 
 +  4. What is distributed tracing — how does trace ID propagate across services and how do you use it to debug a slow request? 
 +  5. What is the CAP Theorem — what does it mean in practice when designing a distributed system
 +  6. What is consistent hashing — what problem does it solve in distributed caches or sharded databases? 
 +  7. What backend technology trends (e.g. eBPF, WebAssembly, AI-assisted coding, edge compute) are you currently following and why?
  
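Review bot: several of the added questions duplicate each other across sections, so a candidate would be asked the same thing twice. Security item 17 (rate limiting with fixed window, sliding window, token bucket) is repeated as REST API item 9, and the Laravel queues question appears both as item 6 of the list just before the Golang heading and as item 2 under Queue, Messaging & Streaming. Within Golang, items 2 and 3 both ask for goroutine versus thread, and items 17 and 19 both ask how in-flight requests are finished during shutdown. In Authentication & Authorization, item 15 repeats the "when should you choose each" part of item 1. Suggest keeping one copy of each and cross-referencing from the other section, or narrowing the second copy to what is specific to that section (for example, the layer at which the rate limit is enforced for the REST API copy). Two smaller points: Security item 14 reads "how does parameterized queries or prepared statements prevent it", which should be "how do"; and Authentication item 3 asks about HMAC secrets and RSA key pairs in JWT verification without asking how the verifier decides which algorithm to accept, a follow-up that would fit directly after it.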
skills/interview.1781136356.txt.gz · Last modified: by phong2018