Differences

This shows you the differences between two versions of the page.

--- skills:interview [2026/06/11 00:22] – [Authentication & Authorization] phong2018
+++ skills:interview [2026/06/15 10:07] (current) – [Transactions] phong2018
@@ Line 62: / Line 62: @@
 . Explain the lifecycle of an HTTP request in Go.
+Go's HTTP server accepts a connection, creates goroutines to handle requests, executes middleware and handlers, writes the response, and then either reuses or closes the connection.
 . What is a goroutine?
+A goroutine is a lightweight thread managed by the Go runtime that enables concurrent execution.
 . Goroutine vs Thread?
+Goroutines are much lighter than OS threads and are multiplexed onto threads by Go's scheduler.
 . What is a channel?
+Channels allow goroutines to safely communicate and synchronize without shared memory.
 . Buffered vs Unbuffered channels?
+Unbuffered channels synchronize sender and receiver immediately, while buffered channels allow limited asynchronous communication.
 . What is a select statement?
+Select allows a goroutine to wait on multiple channel operations and execute whichever becomes ready first.
 . What are common goroutine leaks and how do you prevent them?
+Goroutine leaks occur when goroutines wait forever. I prevent them using context cancellation, proper channel management, timeouts, and cleanup logic.
 . What is context.Context and why is it important?
+Context enables cancellation, deadlines, and request-scoped metadata across API calls and goroutines.
 . How does cancellation propagate through contexts?
+Contexts form a tree. When a parent context is cancelled, all derived child contexts are automatically cancelled.
 . What is an interface in Go?
+An interface specifies a set of methods that a type must implement.
 . What is interface segregation in Go?
+Go encourages small interfaces that represent a single responsibility rather than large general-purpose interfaces.
 . What are type assertions and type switches?
+Type assertions extract a concrete type from an interface, while type switches handle multiple possible types safely.
 . How does dependency injection work in Go?
+Dependency injection in Go is typically done through constructors and interfaces rather than frameworks.
 . How does Go's scheduler work?
+Go's scheduler maps many goroutines onto a smaller number of OS threads using an M:N scheduling model.
 . Explain GOMAXPROCS.
+GOMAXPROCS defines the number of OS threads that can execute Go code concurrently.
 . How does garbage collection work in Go?
+Go uses a concurrent mark-and-sweep garbage collector designed to minimize pause times while reclaiming unused memory.
 . How do you gracefully shut down a Go service?
+Graceful shutdown stops new traffic, allows in-flight requests to complete, cleans up resources, and then terminates the service.
 . How do you handle SIGTERM and SIGINT?
+I listen for SIGTERM and SIGINT, trigger graceful shutdown, wait for cleanup, and then exit safely.
 . During server shutdown, how do you finish remaining requests safely?
+During shutdown I stop accepting new requests and allow existing requests to complete within a configurable timeout.
 . What are worker pools and when would you use them?
+A worker pool limits the number of concurrent goroutines processing jobs. It is useful for CPU-intensive tasks, background jobs, and protecting external systems from overload.
 ===== Authentication & Authorization =====
@@ Line 220: / Line 260: @@
 . What are deadlocks?
+<code>
+- Deadlock: A situation where two or more transactions hold locks and wait for each other indefinitely.
+- How it occurs: Transactions access the same resources in different orders. Long-running transactions hold locks too long. Missing indexes cause unnecessary locking.
+- How to detect it: The database detects deadlocks automatically. MySQL returns: ERROR 1213: Deadlock found when trying to get lock. Investigate with SHOW ENGINE INNODB STATUS.
+- How to prevent it: Keep transactions short. Always access tables/rows in a consistent order. Add proper indexes. Avoid large batch operations in a single transaction.
+- How to recover: The database rolls back one transaction automatically. Catch the error in the application and retry the transaction with backoff.
+</code>
 ==== Large Scale Databases ====
 . How would you add a new column to a table with billions of rows?
+For a table with billions of rows, I would avoid a direct NOT NULL column addition because it may trigger a table rewrite or long lock. I would use an Expand → Backfill → Contract strategy: add the column as nullable, deploy code that writes the new column, backfill existing rows in small batches, verify completion, and finally enforce constraints. For MySQL, I would also evaluate online schema migration tools such as gh-ost or pt-online-schema-change to minimize downtime.
 . What migration risks should be considered?
+Before running a migration on a table with billions of rows, I would assess locking behavior, replication impact, rollback strategy, disk usage, application compatibility, and database load. For schema changes, I typically use the Expand → Backfill → Contract pattern and batch updates to achieve zero or near-zero downtime. I would also monitor replication lag, query latency, error rates, and storage utilization throughout the migration.
 . How would you backfill data safely?
+I backfill data in small batches, avoid long transactions, monitor database load, and verify correctness before enabling new constraints.
 . How do online schema migrations work?
+Online schema migration creates a shadow table, copies data incrementally while syncing live changes, and then performs a quick cutover to minimize downtime.
 . How do you avoid downtime during migrations?
+I avoid downtime using backward-compatible schema changes, phased deployments, batch backfills, and the Expand-Migrate-Contract pattern.
 . How would you design monthly/yearly statistics tables?
+I would keep raw transactional data separate from reporting tables and maintain monthly/yearly aggregate tables that are updated incrementally. Reports read from aggregates instead of scanning the full dataset.
 . How would you generate reports with billions of rows?
+For billions of rows, I would move reporting workloads to a data warehouse and use pre-aggregation instead of scanning the transactional database.
 . Realtime reporting vs batch reporting?
+Use realtime when business decisions depend on current data. Use batch when slight delays are acceptable and cost efficiency is important.
 . When should you use materialized views?
+I use materialized views for expensive aggregations that are read frequently but don't require perfectly realtime data.
 . How would you implement pre-aggregation?
+I would maintain summary tables and incrementally update them rather than repeatedly aggregating billions of rows.
 . How would you partition very large tables?
+For large datasets I usually partition by date because most queries filter by time ranges and old data can be archived easily.
 . Sharding vs Partitioning?
+Partitioning splits data within a database for performance, while sharding distributes data across multiple databases to achieve horizontal scalability. Partitioning is usually tried before sharding because it is much simpler to operate.
+Example
+<code>
+Partitioning:
+DB1
+ ├─ orders_2025
+ ├─ orders_2026
+ └─ orders_2027
+Sharding:
+DB1 → Users A-F
+DB2 → Users G-M
+DB3 → Users N-Z
+</code>
 ===== REST API =====
@@ Line 414: / Line 497: @@
 . What backend technology trends are you currently following?
+====== System Design Interview Questions ======
+===== Interview Framework =====
+Always follow this order:
+  - Clarify requirements
+  - Estimate scale
+  - Define APIs
+  - Design data model
+  - Draw high-level architecture
+  - Explain data flow
+  - Identify bottlenecks
+  - Discuss scaling
+  - Discuss trade-offs
+  - Explain failure handling
+===== Questions =====
+==== Beginner to Intermediate ====
+  - Design a URL shortener
+  - Design a file storage service
+  - Design a chat application
+  - Design a notification system
+  - Design a rate limiter
+  - Design a distributed cache
+  - Design a search autocomplete service
+  - Design an API gateway
+  - Design a job queue system
+  - Design a payment processing system
+==== Intermediate to Advanced ====
+  - Design a ride-sharing platform
+  - Design a food delivery system
+  - Design a social media news feed
+  - Design a video streaming platform
+  - Design an e-commerce platform
+  - Design a real-time collaboration tool
+  - Design a monitoring and logging platform
+  - Design a recommendation engine
+  - Design a distributed lock service
+  - Design a multi-tenant SaaS platform
+==== Senior Backend Engineer Topics ====
+  - Design an order management system
+  - Design an inventory system that prevents overselling
+  - Design a coupon and promotion engine
+  - Design a loyalty points system
+  - Design an invoice generation system
+  - Design a webhook processing platform
+  - Design an OAuth2 / SSO authentication system
+  - Design an event-driven microservices architecture
+  - Design a distributed scheduler service
+  - Design a monolith-to-microservices migration strategy
+===== Drawing Template =====
+For every question, draw the following components:
+<code>
+Users / Mobile App / Web Browser
+                |
+                v
+        CDN / Load Balancer
+                |
+                v
+            API Gateway
+                |
+                v
+         Application Services
+          /        |        \
+         /         |         \
+        v          v          v
+     Cache      Database    Queue
+      |             |          |
+      |             |          |
+      v             v          v
+    Redis      MySQL/NoSQL   Workers
+                |
+                v
+      Monitoring / Logging
+</code>
+===== What Interviewers Expect =====
+For each component, explain:
+  * Why it exists
+  * How it scales
+  * Single points of failure
+  * Data consistency requirements
+  * Availability requirements
+  * Security considerations
+  * Monitoring and alerting
+===== Non-Functional Requirements Checklist =====
+  * Availability (99.9%, 99.99%, etc.)
+  * Scalability
+  * Reliability
+  * Latency
+  * Throughput
+  * Durability
+  * Consistency
+  * Security
+  * Cost
+===== Estimation Checklist =====
+Estimate before designing:
+  * Daily active users
+  * Requests per second (RPS)
+  * Peak traffic
+  * Storage requirements
+  * Read/write ratio
+  * Bandwidth requirements
+===== Deep Dive Topics =====
+Discuss when prompted:
+  * Database sharding
+  * Caching strategy
+  * Queue design
+  * Event-driven architecture
+  * Replication
+  * Multi-region deployment
+  * Disaster recovery
+  * Rate limiting
+  * Idempotency
+  * Distributed locking
+  * CAP theorem
+  * Eventual consistency
+===== Common Trade-offs =====
+^ Choice ^ Pros ^ Cons ^
+| SQL | Strong consistency | Harder to scale horizontally |
+| NoSQL | High scalability | Eventual consistency |
+| Sync communication | Simple | Tight coupling |
+| Async communication | Resilient | Increased complexity |
+| Cache aside | Simple | Stale data risk |
+| Write through cache | Consistent cache | Higher write latency |
+===== Example: URL Shortener =====
+==== Requirements ====
+  * Shorten long URLs
+  * Redirect users quickly
+  * High read traffic
+  * Custom aliases (optional)
+  * Analytics (optional)
+==== APIs ====
+<code>
+POST /api/v1/shorten
+Request:
+{
+  "url": "https://example.com/very/long/url"
+}
+Response:
+{
+  "shortUrl": "https://short.ly/abc123"
+}
+</code>
+<code>
+GET /abc123
+</code>
+==== High-Level Design ====
+<code>
+Client
+  |
+  v
+Load Balancer
+  |
+  v
+URL Service
+  |       \
+  |        \
+  v         v
+Redis     MySQL
+</code>
+==== Data Model ====
+<code>
+urls
+----
+id
+short_code
+long_url
+created_at
+expires_at
+</code>
+==== Scaling ====
+  * Cache popular URLs in Redis
+  * Read replicas for MySQL
+  * Shard by short_code
+  * CDN for global traffic
+==== Failure Handling ====
+  * Retry failed writes
+  * Circuit breaker for dependencies
+  * Database replication
+  * Multi-region backup
+===== Whiteboard Tips =====
+  * Start simple
+  * Draw before explaining
+  * Label every component
+  * State assumptions clearly
+  * Ask clarifying questions
+  * Explain trade-offs
+  * Think out loud
+  * Optimize only after the basic design works
+===== Golden Rule =====
+Do not jump directly into technology choices.
+Always follow:
+Requirements -> Scale -> APIs -> Data Model -> Architecture -> Bottlenecks -> Trade-offs
+====== More detail versions ======
+====== Senior PHP (Laravel/Symfony) & Golang Backend Interview Questions ======
+===== PHP Fundamentals =====
+. What are PSR standards (PSR-1, PSR-12, PSR-4) and why do they matter for team consistency?
+. What new features in PHP 8.x (attributes, enums, fibers, named arguments, match expression, nullsafe operator) have you used in production?
+. How does Composer autoloading work, and what is the difference between PSR-4, PSR-0, classmap, and files autoloading?
+. What is the difference between interface, abstract class, and trait — and when should you choose each?
+. What are PHP attributes (#[Attribute]) and when would you use them instead of docblock annotations?
+. How does PHP-FPM work, and how does it manage worker processes to handle concurrent requests?
+. How does OPCache improve performance, and what happens when a file changes after it has been cached?
+. Explain the lifecycle of an HTTP request in PHP from the moment it hits the server to the response being sent back.
+. How does memory management work in PHP — how is memory allocated per request and what causes memory leaks?
+. Can PHP handle concurrency, and what approaches can be used (async, parallel, process-based)?
+. How would you implement concurrent API calls in PHP (e.g. calling three external APIs in parallel)?
+. What are Fibers in PHP 8.1 and how do they differ from goroutines or threads?
+. What is Swoole or RoadRunner and how do they differ from the traditional PHP-FPM request model?
+. What do the three numbers in Semantic Versioning (MAJOR.MINOR.PATCH) mean, and when should each be incremented?
+===== Laravel & Symfony =====
+. How does Laravel's service container work — what is IoC, how does auto-wiring use Reflection, and when would you use bind() vs singleton()?
+. What are Laravel service providers, what is the difference between register() and boot(), and when would you create a custom one?
+. Explain Dependency Injection in Laravel — how does the container resolve constructor dependencies automatically?
+. How do Laravel middleware work — how are they registered, in what order do they run, and how do you pass parameters to them?
+. How do Laravel events and listeners work — when would you use them over direct method calls, and how do you make listeners queued?
+. How do Laravel queues work — what is a job, how do workers consume jobs, and how do you handle failed jobs?
+. How do you handle long-running tasks in Laravel so they do not block the HTTP response?
+. How does Eloquent ORM work internally — how does it map database rows to model instances and handle relationships?
+. What are the advantages and disadvantages of Eloquent ORM vs Query Builder, and when would you choose one over the other?
+. Explain Symfony's Dependency Injection component — what is a compiler pass, what are tagged services, and how does it differ from Laravel's container?
+. Explain Symfony's Event Dispatcher — how does it compare to Laravel events, and when would you use it?
+. Explain Symfony Messenger — how does it handle message routing, transport, retry, and failure queues?
+. Which Laravel and Symfony versions are you currently using, and are you aware of the major differences between recent releases?
+===== Golang =====
+. Explain the lifecycle of an HTTP request in Go from net/http receiving a connection to the handler returning a response.
+. What is a goroutine — how is it different from an OS thread, and how does Go schedule them?
+. What is the difference between a goroutine and a thread in terms of memory footprint, scheduling, and creation cost?
+. What is a channel in Go — how does it enable safe communication between goroutines?
+. What is the difference between a buffered and an unbuffered channel, and when would you use each?
+. What is a select statement in Go and how does it handle multiple channel operations simultaneously?
+. What are common goroutine leaks, what causes them, and how do you detect and prevent them?
+. What is context.Context and why is it important for cancellation, timeouts, and request-scoped values?
+. How does cancellation propagate through a context tree — what happens when a parent context is cancelled?
+. What is an interface in Go — how does implicit interface satisfaction differ from Java-style explicit implementation?
+. What is interface segregation in Go and how does keeping interfaces small improve testability?
+. What are type assertions and type switches, and when would you use them safely?
+. How does dependency injection work in Go — since there is no IoC container, what patterns or tools (Wire, Fx) do you use?
+. How does Go's runtime scheduler (M:N scheduler) work — what are M, P, and G?
+. What is GOMAXPROCS and how does it affect parallelism at runtime?
+. How does Go's garbage collector work, and how do you reduce GC pressure in high-throughput services?
+. How do you gracefully shut down a Go HTTP service without dropping in-flight requests?
+. How do you handle SIGTERM and SIGINT signals in a Go service?
+. During server shutdown, how do you ensure remaining in-flight requests are finished before the process exits?
+. What are worker pools in Go, when would you use them, and how do you implement one with goroutines and channels?
+===== Authentication & Authorization =====
+. What are the key differences between Session, JWT, and OAuth2 — and when should you choose each?
+. How does session-based authentication work internally — where is session data stored and how is it tied to a cookie?
+. How does JWT authentication work internally — what role do HMAC secret keys and RSA public/private keys play in verification?
+. What are the three parts of a JWT (header, payload, signature) and what does each contain?
+. What is the difference between an access token and a refresh token in terms of lifetime, storage, and usage?
+. How does OAuth2 work — what are the roles (resource owner, client, authorization server, resource server)?
+. Explain the Authorization Code Flow — why is it more secure than the Implicit Flow?
+. Explain the Client Credentials Flow — when is it used and what kind of client uses it?
+. What is PKCE (Proof Key for Code Exchange) and why is it required for public clients?
+. What is OpenID Connect (OIDC) — how does it extend OAuth2 to provide identity information?
+. What is RBAC (Role-Based Access Control) and how would you model it in a database?
+. What is ABAC (Attribute-Based Access Control) and when is it more appropriate than RBAC?
+. How would you implement authorization (roles, permissions, policies) in a Laravel application?
+. How would you implement authorization in a Go service — using middleware, policy objects, or a library like Casbin?
+. When should you choose session-based auth over JWT, considering statefulness, scalability, and revocation needs?
+. When should you choose OAuth2 over simple JWT — what does OAuth2 add that plain JWT does not provide?
+===== Security =====
+. What is CORS and why do browsers enforce it — what problem does the Same-Origin Policy solve?
+. What is the difference between a simple CORS request and a preflight (OPTIONS) request — what triggers a preflight?
+. What are the important CORS response headers and what does each one control?
+. Why can you not use a wildcard Access-Control-Allow-Origin: * when the request includes credentials (cookies or Authorization header)?
+. How do cookies work — how are they set, sent, and scoped by domain and path?
+. What is the HttpOnly cookie flag and what attack does it mitigate?
+. What is the Secure cookie flag and when is it required?
+. What is the SameSite cookie attribute and why was it introduced?
+. What is the difference between SameSite=Strict, SameSite=Lax, and SameSite=None, and when would you use each?
+. What is CSRF (Cross-Site Request Forgery) — how does an attacker exploit it and what is the impact?
+. How does Laravel protect against CSRF attacks — how does the CSRF token mechanism work under the hood?
+. What is XSS (Cross-Site Scripting) — how does an attacker inject and execute malicious scripts?
+. What is the difference between Stored XSS, Reflected XSS, and DOM-based XSS?
+. What is SQL Injection — how does parameterized queries or prepared statements prevent it?
+. What is SSRF (Server-Side Request Forgery) — how can it be exploited and how do you prevent it?
+. What is Clickjacking — how does it work and how do X-Frame-Options or CSP frame-ancestors mitigate it?
+. What is rate limiting — what strategies (fixed window, sliding window, token bucket) would you implement for an API?
+. What are the OWASP Top 10 risks and which ones are most relevant to a PHP/Go backend?
+. How do you secure REST APIs — authentication, input validation, output encoding, TLS, rate limiting?
+. How do you secure file uploads — what validations and storage strategies prevent abuse?
+===== Database =====
+==== Fundamentals ====
+. What are database indexes, how does a B-tree index work, and what are the read/write trade-offs?
+. What is the difference between a clustered index and a non-clustered index — how does InnoDB use the primary key as a clustered index?
+. What is a covering index and how does it eliminate the need for a row lookup (table access)?
+. What is the difference between a B-Tree index and a Hash index — when is each appropriate?
+. What are the main differences between PostgreSQL and MySQL in terms of features, concurrency model, and use cases?
+. When would you choose PostgreSQL over MySQL — what specific features make PostgreSQL better for complex workloads?
+. What is JSONB in PostgreSQL — how does it differ from JSON, and when is it useful?
+. What is the difference between normalization and denormalization — when is denormalization a justified trade-off?
+==== Query Optimization ====
+. How do you approach optimizing a slow SQL query — what is your step-by-step process?
+. How do you use EXPLAIN (or EXPLAIN ANALYZE) to read a query execution plan — what columns matter most?
+. What is the N+1 query problem and how do you fix it with eager loading or JOINs?
+. How do you optimize queries on tables with billions of rows — indexing strategy, partitioning, archiving?
+. What database metrics do you monitor (slow query log, index hit rate, connection pool, lock waits) and with what tools?
+==== Transactions ====
+. What are the ACID properties — explain each one and why they matter for data integrity?
+. What are database isolation levels and what concurrency anomalies does each level prevent?
+. What is the difference between Read Committed, Repeatable Read, and Serializable isolation levels?
+. What is the difference between optimistic locking and pessimistic locking — when would you use each?
+. What are deadlocks — how do they occur and how do you detect, prevent, or recover from them?
+==== Large Scale Databases ====
+. How would you add a new column to a table with billions of rows without causing downtime?
+. What migration risks should be considered when altering a live, high-traffic table?
+. How would you backfill data into a new column safely without locking the table or overloading the database?
+. How do online schema migration tools (gh-ost, pt-online-schema-change) work to avoid table locks?
+. How do you avoid downtime during database migrations in a zero-downtime deployment?
+. How would you design a statistics table (monthly/yearly aggregates) to serve dashboard queries efficiently?
+. How would you generate reports on a table with billions of rows without impacting the live database?
+. When would you use realtime reporting vs batch reporting — what infrastructure does each approach require?
+. When should you use materialized views and how do you keep them up to date?
+. How would you implement pre-aggregation to serve analytics queries at scale?
+. How would you partition a very large table — range, list, or hash partitioning — and what are the trade-offs?
+. What is the difference between sharding and partitioning — when does sharding become necessary?
+===== REST API =====
+. What are the HTTP methods (GET, POST, PUT, PATCH, DELETE) — what do idempotent and safe mean in this context?
+. What makes an API RESTful — what are the key constraints (statelessness, uniform interface, resource-based URLs)?
+. What is the difference between HTTP 401 Unauthorized and 403 Forbidden — when should you return each?
+. What are the important HTTP status codes every backend developer should know and when is each appropriate?
+. What does it mean for an API to be idempotent — why is idempotency important for retries and safe operations?
+. What API versioning strategies exist (URL path, header, query param) and what are the trade-offs of each?
+. What pagination strategies are available (offset, cursor, keyset) and what are the trade-offs?
+. What is the difference between cursor-based pagination and offset-based pagination — why is cursor pagination better for large datasets?
+. What rate limiting strategies (fixed window, sliding window, token bucket, leaky bucket) would you implement and at what layer?
+. What are the responsibilities of an API gateway (auth, rate limiting, routing, SSL termination, logging)?
+===== Architecture & Scalability =====
+. Explain the five SOLID principles and give a concrete PHP or Go example for each.
+. Explain the Dependency Inversion Principle — how does depending on abstractions rather than concretions improve testability?
+. What design patterns do you use most frequently in backend systems and why?
+. Explain the Factory pattern — what problem does it solve and how is it different from a simple constructor?
+. Explain the Strategy pattern — how does it allow swapping algorithms at runtime without modifying the caller?
+. Explain the Repository pattern — how does it decouple business logic from data access, and what are its drawbacks?
+. Explain the Observer pattern — how does it enable decoupled side effects and how does it relate to event-driven design?
+. What is Event-Driven Architecture — how does it differ from request-driven, and when is it the right choice?
+. What is CQRS (Command Query Responsibility Segregation) — what problem does it solve and what complexity does it add?
+. What is Domain-Driven Design — what are bounded contexts, aggregates, and domain events, and when is DDD worth the overhead?
+. What is Clean Architecture — how do the dependency rules between layers prevent framework and infrastructure lock-in?
+. What is Hexagonal Architecture (Ports and Adapters) — how does it differ from Clean Architecture?
+. What are the trade-offs between a monolith and microservices — when does a monolith become a problem?
+. How would you break a monolith into services — what is the strangler fig pattern and how do you avoid a distributed monolith?
+. What is eventual consistency — when is it acceptable and when do you need strong consistency?
+. What are distributed transactions — why are they hard and what alternatives exist?
+. What is the Saga pattern — how do choreography-based and orchestration-based sagas differ?
+. How would you design a scalable REST API — what decisions affect scalability from day one?
+. How would you design a booking system — how do you handle availability checks, concurrency, and double-booking prevention?
+. How would you design a POS (Point of Sale) system that must work reliably offline?
+===== Queue, Messaging & Streaming =====
+. Why use a message queue instead of direct synchronous calls — what problems does async processing solve?
+. How do Laravel queues work — how are jobs dispatched, stored, consumed by workers, and retried on failure?
+. What are the main differences between SQS, RabbitMQ, and Kafka in terms of delivery model, persistence, and use cases?
+. What is the difference between a message queue and an event stream — when would you use Kafka instead of SQS?
+. What is the difference between at-least-once and exactly-once delivery — what are the implications for consumer design?
+. What is a Dead Letter Queue (DLQ) and how should you handle messages that land in it?
+. What are common retry strategies (exponential backoff, jitter) and how do you avoid retry storms?
+. What does it mean for a consumer to be idempotent — how do you design a consumer that can safely process the same message twice?
+. What is event sourcing — how does it differ from storing only the current state, and what are the trade-offs?
+. How would you architect a system that needs to process millions of jobs per day reliably?
+===== Testing =====
+. What is the difference between unit, integration, and functional tests — what does each test in isolation and what is the trade-off?
+. What is the difference between a mock, a stub, and a fake — when would you use each and how do they differ in behavior?
+. How do you test code that depends on an external API — what is the VCR pattern and when would you use it?
+. What is contract testing (e.g. with Pact) — how does it catch breaking API changes between a consumer and a provider?
+. What should be mocked in a unit test and what should never be mocked — where is the line between isolation and over-mocking?
+. How do you test an asynchronous job — how do you assert that a job was dispatched and that it produces the correct side effect?
+. How do you test an event-driven system — how do you verify that publishing an event triggers the correct downstream behavior?
+. What code coverage percentage do you target and how do you think about line coverage vs branch coverage vs mutation testing?
+===== DevOps & Cloud =====
+. What does your ideal CI/CD pipeline for a PHP or Go project look like — what stages run and in what order?
+. What is the difference between blue-green deployment and canary deployment — when would you choose each?
+. How do you manage secrets and environment-specific configuration securely — what tools and practices do you follow?
+. What is the difference between Docker and Kubernetes — what problem does Kubernetes solve that Docker alone does not?
+. What is the difference between ECS and EKS on AWS — when would you choose one over the other?
+. How would you deploy a PHP (Laravel) application to production — what infrastructure, process manager, and deployment strategy?
+. How would you deploy a Go service to production — what are the considerations for binary deployment vs containerization?
+. What AWS services are commonly used in a backend system and what role does each play?
+. How does CloudFront work as a CDN — what can you cache and what are the cache invalidation strategies?
+. How does Amazon SQS work — what are its delivery guarantees and how do you handle duplicate messages?
+. What is Amazon EventBridge and when would you use it instead of SQS or SNS?
+. What is RDS Proxy and why would you use it in front of an RDS database?
+. How does Auto Scaling work on AWS — what metrics trigger scaling and what are the risks of aggressive scaling policies?
+. What is your observability strategy — how do you use logs, metrics, and traces together to debug a production issue?
+===== Leadership =====
+. How do you conduct effective code reviews — what do you look for, how do you give feedback, and what is a blocking vs non-blocking comment?
+. How do you enforce coding standards on a team — what is the balance between automated tooling and human review?
+. How do you mentor junior developers — what is your approach to pairing, feedback, and growing their ownership?
+. How do you handle a developer who keeps repeating the same mistakes — how do you give feedback without damaging the relationship?
+. How do you communicate a complex technical decision to a non-technical stakeholder — what framing and language do you use?
+. How do you handle a technical disagreement within the team — how do you reach a decision when smart people disagree?
+. How do you lead an architecture discussion — how do you make sure the right voices are heard and a decision gets made?
+. How do you manage a critical production incident — what is your process from detection to resolution to post-mortem?
+===== Bonus =====
+. What are the key differences between GraphQL and REST — when does GraphQL solve a real problem and when is it overkill?
+. What is gRPC and how does it differ from REST — when would you choose gRPC for service-to-service communication?
+. What is OpenTelemetry — how does it standardize instrumentation across logs, metrics, and traces?
+. What is distributed tracing — how does a trace ID propagate across services and how do you use it to debug a slow request?
+. What is the CAP Theorem — what does it mean in practice when designing a distributed system?
+. What is consistent hashing — what problem does it solve in distributed caches or sharded databases?
+. What backend technology trends (e.g. eBPF, WebAssembly, AI-assisted coding, edge compute) are you currently following and why?