Senior PHP (Laravel/Symfony) & Golang Backend Interview Questions

PHP Fundamentals

1. What are PSR standards and why do they matter?

2. What new features in PHP 8.x have you used?

3. How does Composer autoloading work?

4. What is the difference between interface, abstract class, and trait?

5. What are PHP attributes and when would you use them?

6. How does PHP-FPM work?

7. How does OPCache improve performance?

8. Explain the lifecycle of an HTTP request in PHP.

9. How does memory management work in PHP?

10. Can PHP handle concurrency? What approaches can be used?

11. How would you implement concurrent API calls in PHP?

12. What are Fibers in PHP?

13. What is Swoole/RoadRunner and how do they differ from PHP-FPM?

14. What do the three numbers in Semantic Versioning (MAJOR.MINOR.PATCH) mean?

Laravel & Symfony

1. How does Laravel's service container work?

2. What are Laravel service providers?

3. Explain Dependency Injection in Laravel.

4. How do Laravel middleware work?

5. How do Laravel events and listeners work?

6. How do Laravel queues work?

7. How do you handle long-running tasks in Laravel?

8. How does Eloquent ORM work internally?

9. What are the advantages and disadvantages of Eloquent vs Query Builder?

10. Explain Symfony Dependency Injection.

11. Explain Symfony Event Dispatcher.

12. Explain Symfony Messenger.

13. Which Laravel and Symfony versions are you currently using?

Golang

1. Explain the lifecycle of an HTTP request in Go.

Go's HTTP server accepts a connection, creates goroutines to handle requests, executes middleware and handlers, writes the response, and then either reuses or closes the connection.

2. What is a goroutine?

A goroutine is a lightweight thread managed by the Go runtime that enables concurrent execution.

3. Goroutine vs Thread?

Goroutines are much lighter than OS threads and are multiplexed onto threads by Go's scheduler.

4. What is a channel?

Channels allow goroutines to safely communicate and synchronize without shared memory.

5. Buffered vs Unbuffered channels?

Unbuffered channels synchronize sender and receiver immediately, while buffered channels allow limited asynchronous communication.

6. What is a select statement?

Select allows a goroutine to wait on multiple channel operations and execute whichever becomes ready first.

7. What are common goroutine leaks and how do you prevent them?

Goroutine leaks occur when goroutines wait forever. I prevent them using context cancellation, proper channel management, timeouts, and cleanup logic.

8. What is context.Context and why is it important?

Context enables cancellation, deadlines, and request-scoped metadata across API calls and goroutines.

9. How does cancellation propagate through contexts?

Contexts form a tree. When a parent context is cancelled, all derived child contexts are automatically cancelled.

10. What is an interface in Go?

An interface specifies a set of methods that a type must implement.

11. What is interface segregation in Go?

Go encourages small interfaces that represent a single responsibility rather than large general-purpose interfaces.

12. What are type assertions and type switches?

Type assertions extract a concrete type from an interface, while type switches handle multiple possible types safely.

13. How does dependency injection work in Go?

Dependency injection in Go is typically done through constructors and interfaces rather than frameworks.

14. How does Go's scheduler work?

Go's scheduler maps many goroutines onto a smaller number of OS threads using an M:N scheduling model.

15. Explain GOMAXPROCS.

GOMAXPROCS defines the number of OS threads that can execute Go code concurrently.

16. How does garbage collection work in Go?

Go uses a concurrent mark-and-sweep garbage collector designed to minimize pause times while reclaiming unused memory.

17. How do you gracefully shut down a Go service?

Graceful shutdown stops new traffic, allows in-flight requests to complete, cleans up resources, and then terminates the service.

18. How do you handle SIGTERM and SIGINT?

I listen for SIGTERM and SIGINT, trigger graceful shutdown, wait for cleanup, and then exit safely.

19. During server shutdown, how do you finish remaining requests safely?

During shutdown I stop accepting new requests and allow existing requests to complete within a configurable timeout.

20. What are worker pools and when would you use them?

A worker pool limits the number of concurrent goroutines processing jobs. It is useful for CPU-intensive tasks, background jobs, and protecting external systems from overload.

Authentication & Authorization

1. Session vs JWT vs OAuth2?

2. How does Session Authentication work internally?

3. How does JWT Authentication work internally and how do Secret Keys and Public/Private Keys help secure JWTs?

4. What are the three parts of a JWT?

5. Access Token vs Refresh Token?

6. How does OAuth2 work?

7. Explain Authorization Code Flow.

8. Explain Client Credentials Flow.

9. Explain PKCE.

10. What is OpenID Connect (OIDC)?

11. What is RBAC?

12. What is ABAC?

13. How would you implement authorization in Laravel?

14. How would you implement authorization in Go?

15. When should you choose Session over JWT?

16. When should you choose OAuth2 over JWT?

Security

1. What is CORS and why do browsers need it?

2. Simple Request vs Preflight Request?

3. Important CORS headers?

4. Why can't wildcard origins be used with credentials?

5. How do cookies work?

6. What is HttpOnly?

7. What is Secure Cookie?

8. What is SameSite?

9. SameSite=Strict vs Lax vs None?

10. What is CSRF?

11. How does Laravel protect against CSRF?

12. What is XSS?

13. Stored vs Reflected vs DOM XSS?

14. What is SQL Injection?

15. What is SSRF?

16. What is Clickjacking?

17. What is Rate Limiting?

18. What are OWASP Top 10 risks?

19. How do you secure REST APIs?

20. How do you secure file uploads?

Database

Fundamentals

1. What are indexes and their trade-offs?

2. Clustered vs Non-Clustered Index?

3. Covering Index?

4. B-Tree vs Hash Index?

5. PostgreSQL vs MySQL?

6. When would you choose PostgreSQL?

7. What is JSONB?

8. Normalization vs Denormalization?

Query Optimization

9. How do you optimize a slow query?

10. How do you use EXPLAIN?

11. What is the N+1 problem?

12. How do you optimize queries on tables with billions of rows?

13. What database metrics do you monitor?

Transactions

14. What are ACID properties?

15. Explain Isolation Levels.

16. Read Committed vs Repeatable Read vs Serializable?

17. Optimistic vs Pessimistic Locking?

18. What are deadlocks?

Large Scale Databases

19. How would you add a new column to a table with billions of rows?

For a table with billions of rows, I would avoid a direct NOT NULL column addition because it may trigger a table rewrite or long lock. I would use an Expand → Backfill → Contract strategy: add the column as nullable, deploy code that writes the new column, backfill existing rows in small batches, verify completion, and finally enforce constraints. For MySQL, I would also evaluate online schema migration tools such as gh-ost or pt-online-schema-change to minimize downtime.

20. What migration risks should be considered?

Before running a migration on a table with billions of rows, I would assess locking behavior, replication impact, rollback strategy, disk usage, application compatibility, and database load. For schema changes, I typically use the Expand → Backfill → Contract pattern and batch updates to achieve zero or near-zero downtime. I would also monitor replication lag, query latency, error rates, and storage utilization throughout the migration.

21. How would you backfill data safely?

I backfill data in small batches, avoid long transactions, monitor database load, and verify correctness before enabling new constraints.

22. How do online schema migrations work?

Online schema migration creates a shadow table, copies data incrementally while syncing live changes, and then performs a quick cutover to minimize downtime.

23. How do you avoid downtime during migrations?

I avoid downtime using backward-compatible schema changes, phased deployments, batch backfills, and the Expand-Migrate-Contract pattern.

24. How would you design monthly/yearly statistics tables?

I would keep raw transactional data separate from reporting tables and maintain monthly/yearly aggregate tables that are updated incrementally. Reports read from aggregates instead of scanning the full dataset.

25. How would you generate reports with billions of rows?

For billions of rows, I would move reporting workloads to a data warehouse and use pre-aggregation instead of scanning the transactional database.

26. Realtime reporting vs batch reporting?

Use realtime when business decisions depend on current data. Use batch when slight delays are acceptable and cost efficiency is important.

27. When should you use materialized views?

I use materialized views for expensive aggregations that are read frequently but don't require perfectly realtime data.

28. How would you implement pre-aggregation?

I would maintain summary tables and incrementally update them rather than repeatedly aggregating billions of rows.

29. How would you partition very large tables?

For large datasets I usually partition by date because most queries filter by time ranges and old data can be archived easily.

30. Sharding vs Partitioning?

Partitioning splits data within a database for performance, while sharding distributes data across multiple databases to achieve horizontal scalability. Partitioning is usually tried before sharding because it is much simpler to operate.

Example

Partitioning:
DB1
 ├─ orders_2025
 ├─ orders_2026
 └─ orders_2027

Sharding:
DB1 → Users A-F
DB2 → Users G-M
DB3 → Users N-Z

REST API

1. HTTP methods and their meanings?

2. What makes an API RESTful?

3. HTTP 401 vs 403?

4. Important HTTP status codes?

5. Idempotent APIs?

6. API versioning strategies?

7. Pagination strategies?

8. Cursor vs Offset Pagination?

9. Rate limiting strategies?

10. API gateway responsibilities?

Architecture & Scalability

1. Explain the SOLID principles.

2. Explain Dependency Inversion with examples.

3. What design patterns do you use most?

4. Factory Pattern?

5. Strategy Pattern?

6. Repository Pattern?

7. Observer Pattern?

8. Event-Driven Architecture?

9. CQRS?

10. Domain-Driven Design?

11. Clean Architecture?

12. Hexagonal Architecture?

13. Monolith vs Microservices?

14. How would you break a monolith into services?

15. Eventual Consistency?

16. Distributed Transactions?

17. Saga Pattern?

18. How would you design a scalable REST API?

19. How would you design a booking system?

20. How would you design a POS system?

Queue, Messaging & Streaming

1. Why use queues?

2. How do Laravel queues work?

3. SQS vs RabbitMQ vs Kafka?

4. Message Queue vs Event Stream?

5. At-least-once vs Exactly-once delivery?

6. Dead Letter Queues?

7. Retry strategies?

8. Idempotent consumers?

9. Event sourcing?

10. How would you process millions of jobs per day?

Testing

1. Unit vs Integration vs Functional Tests?

2. Mock vs Stub vs Fake?

3. Testing external APIs?

4. Contract Testing?

5. What should be mocked?

6. Testing asynchronous jobs?

7. Testing event-driven systems?

8. Code coverage targets?

DevOps & Cloud

1. Ideal CI/CD pipeline?

2. Blue-Green vs Canary Deployment?

3. Secrets management?

4. Docker vs Kubernetes?

5. ECS vs EKS?

6. How would you deploy a PHP application?

7. How would you deploy a Go service?

8. AWS services commonly used in backend systems?

9. CloudFront?

10. SQS?

11. EventBridge?

12. RDS Proxy?

13. Auto Scaling?

14. Observability strategies?

Leadership

1. Effective code reviews?

2. Enforcing coding standards?

3. Mentoring junior developers?

4. Handling repeated mistakes?

5. Communicating with non-technical stakeholders?

6. Handling technical disagreements?

7. Leading architecture discussions?

8. Managing production incidents?

Bonus

1. GraphQL vs REST?

2. gRPC vs REST?

3. OpenTelemetry?

4. Distributed Tracing?

5. CAP Theorem?

6. Consistent Hashing?

7. What backend technology trends are you currently following?

System Design Interview Questions (Drawing Required)

Interview Framework

Always follow this order:

  1. Clarify requirements
  2. Estimate scale
  3. Define APIs
  4. Design data model
  5. Draw high-level architecture
  6. Explain data flow
  7. Identify bottlenecks
  8. Discuss scaling
  9. Discuss trade-offs
  10. Explain failure handling

Questions

Beginner to Intermediate

  1. Design a URL shortener
  2. Design a file storage service
  3. Design a chat application
  4. Design a notification system
  5. Design a rate limiter
  6. Design a distributed cache
  7. Design a search autocomplete service
  8. Design an API gateway
  9. Design a job queue system
  10. Design a payment processing system

Intermediate to Advanced

  1. Design a ride-sharing platform
  2. Design a food delivery system
  3. Design a social media news feed
  4. Design a video streaming platform
  5. Design an e-commerce platform
  6. Design a real-time collaboration tool
  7. Design a monitoring and logging platform
  8. Design a recommendation engine
  9. Design a distributed lock service
  10. Design a multi-tenant SaaS platform

Senior Backend Engineer Topics

  1. Design an order management system
  2. Design an inventory system that prevents overselling
  3. Design a coupon and promotion engine
  4. Design a loyalty points system
  5. Design an invoice generation system
  6. Design a webhook processing platform
  7. Design an OAuth2 / SSO authentication system
  8. Design an event-driven microservices architecture
  9. Design a distributed scheduler service
  10. Design a monolith-to-microservices migration strategy

Drawing Template

For every question, draw the following components:

Users / Mobile App / Web Browser
                |
                v
        CDN / Load Balancer
                |
                v
            API Gateway
                |
                v
         Application Services
          /        |        \
         /         |         \
        v          v          v
     Cache      Database    Queue
      |             |          |
      |             |          |
      v             v          v
    Redis      MySQL/NoSQL   Workers

                |
                v
      Monitoring / Logging

What Interviewers Expect

For each component, explain:

  • Why it exists
  • How it scales
  • Single points of failure
  • Data consistency requirements
  • Availability requirements
  • Security considerations
  • Monitoring and alerting

Non-Functional Requirements Checklist

  • Availability (99.9%, 99.99%, etc.)
  • Scalability
  • Reliability
  • Latency
  • Throughput
  • Durability
  • Consistency
  • Security
  • Cost

Estimation Checklist

Estimate before designing:

  • Daily active users
  • Requests per second (RPS)
  • Peak traffic
  • Storage requirements
  • Read/write ratio
  • Bandwidth requirements

Deep Dive Topics

Discuss when prompted:

  • Database sharding
  • Caching strategy
  • Queue design
  • Event-driven architecture
  • Replication
  • Multi-region deployment
  • Disaster recovery
  • Rate limiting
  • Idempotency
  • Distributed locking
  • CAP theorem
  • Eventual consistency

Common Trade-offs

Choice               | Pros               | Cons
SQL                  | Strong consistency | Harder to scale horizontally
NoSQL                | High scalability   | Eventual consistency
Sync communication   | Simple             | Tight coupling
Async communication  | Resilient          | Increased complexity
Cache aside          | Simple             | Stale data risk
Write through cache  | Consistent cache   | Higher write latency

Example: URL Shortener

Requirements

  • Shorten long URLs
  • Redirect users quickly
  • High read traffic
  • Custom aliases (optional)
  • Analytics (optional)

APIs

POST /api/v1/shorten

Request:
{
  "url": "https://example.com/very/long/url"
}

Response:
{
  "shortUrl": "https://short.ly/abc123"
}

GET /abc123

High-Level Design

Client
  |
  v
Load Balancer
  |
  v
URL Service
  |       \
  |        \
  v         v
Redis     MySQL

Data Model

urls
----
id
short_code
long_url
created_at
expires_at

Scaling

  • Cache popular URLs in Redis
  • Read replicas for MySQL
  • Shard by short_code
  • CDN for global traffic

Failure Handling

  • Retry failed writes
  • Circuit breaker for dependencies
  • Database replication
  • Multi-region backup

Whiteboard Tips

  • Start simple
  • Draw before explaining
  • Label every component
  • State assumptions clearly
  • Ask clarifying questions
  • Explain trade-offs
  • Think out loud
  • Optimize only after the basic design works

Golden Rule

Do not jump directly into technology choices.

Always follow:

Requirements → Scale → APIs → Data Model → Architecture → Bottlenecks → Trade-offs

More detailed versions

Senior PHP (Laravel/Symfony) & Golang Backend Interview Questions

PHP Fundamentals

1. What are PSR standards (PSR-1, PSR-12, PSR-4) and why do they matter for team consistency?
2. What new features in PHP 8.x (attributes, enums, fibers, named arguments, match expression, nullsafe operator) have you used in production?
3. How does Composer autoloading work, and what is the difference between PSR-4, PSR-0, classmap, and files autoloading?
4. What is the difference between interface, abstract class, and trait — and when should you choose each?
5. What are PHP attributes (#[Attribute]) and when would you use them instead of docblock annotations?
6. How does PHP-FPM work, and how does it manage worker processes to handle concurrent requests?
7. How does OPCache improve performance, and what happens when a file changes after it has been cached?
8. Explain the lifecycle of an HTTP request in PHP from the moment it hits the server to the response being sent back.
9. How does memory management work in PHP — how is memory allocated per request and what causes memory leaks?
10. Can PHP handle concurrency, and what approaches can be used (async, parallel, process-based)?
11. How would you implement concurrent API calls in PHP (e.g. calling three external APIs in parallel)?
12. What are Fibers in PHP 8.1 and how do they differ from goroutines or threads?
13. What is Swoole or RoadRunner and how do they differ from the traditional PHP-FPM request model?
14. What do the three numbers in Semantic Versioning (MAJOR.MINOR.PATCH) mean, and when should each be incremented?

Laravel & Symfony

1. How does Laravel's service container work — what is IoC, how does auto-wiring use Reflection, and when would you use bind() vs singleton()?
2. What are Laravel service providers, what is the difference between register() and boot(), and when would you create a custom one?
3. Explain Dependency Injection in Laravel — how does the container resolve constructor dependencies automatically?
4. How do Laravel middleware work — how are they registered, in what order do they run, and how do you pass parameters to them?
5. How do Laravel events and listeners work — when would you use them over direct method calls, and how do you make listeners queued?
6. How do Laravel queues work — what is a job, how do workers consume jobs, and how do you handle failed jobs?
7. How do you handle long-running tasks in Laravel so they do not block the HTTP response?
8. How does Eloquent ORM work internally — how does it map database rows to model instances and handle relationships?
9. What are the advantages and disadvantages of Eloquent ORM vs Query Builder, and when would you choose one over the other?
10. Explain Symfony's Dependency Injection component — what is a compiler pass, what are tagged services, and how does it differ from Laravel's container?
11. Explain Symfony's Event Dispatcher — how does it compare to Laravel events, and when would you use it?
12. Explain Symfony Messenger — how does it handle message routing, transport, retry, and failure queues?
13. Which Laravel and Symfony versions are you currently using, and are you aware of the major differences between recent releases?

Golang

1. Explain the lifecycle of an HTTP request in Go from net/http receiving a connection to the handler returning a response.
2. What is a goroutine — how is it different from an OS thread, and how does Go schedule them?
3. What is the difference between a goroutine and a thread in terms of memory footprint, scheduling, and creation cost?
4. What is a channel in Go — how does it enable safe communication between goroutines?
5. What is the difference between a buffered and an unbuffered channel, and when would you use each?
6. What is a select statement in Go and how does it handle multiple channel operations simultaneously?
7. What are common goroutine leaks, what causes them, and how do you detect and prevent them?
8. What is context.Context and why is it important for cancellation, timeouts, and request-scoped values?
9. How does cancellation propagate through a context tree — what happens when a parent context is cancelled?
10. What is an interface in Go — how does implicit interface satisfaction differ from Java-style explicit implementation?
11. What is interface segregation in Go and how does keeping interfaces small improve testability?
12. What are type assertions and type switches, and when would you use them safely?
13. How does dependency injection work in Go — since there is no IoC container, what patterns or tools (Wire, Fx) do you use?
14. How does Go's runtime scheduler (M:N scheduler) work — what are M, P, and G?
15. What is GOMAXPROCS and how does it affect parallelism at runtime?
16. How does Go's garbage collector work, and how do you reduce GC pressure in high-throughput services?
17. How do you gracefully shut down a Go HTTP service without dropping in-flight requests?
18. How do you handle SIGTERM and SIGINT signals in a Go service?
19. During server shutdown, how do you ensure remaining in-flight requests are finished before the process exits?
20. What are worker pools in Go, when would you use them, and how do you implement one with goroutines and channels?

Authentication & Authorization

1. What are the key differences between Session, JWT, and OAuth2 — and when should you choose each?
2. How does session-based authentication work internally — where is session data stored and how is it tied to a cookie?
3. How does JWT authentication work internally — what role do HMAC secret keys and RSA public/private keys play in verification?
4. What are the three parts of a JWT (header, payload, signature) and what does each contain?
5. What is the difference between an access token and a refresh token in terms of lifetime, storage, and usage?
6. How does OAuth2 work — what are the roles (resource owner, client, authorization server, resource server)?
7. Explain the Authorization Code Flow — why is it more secure than the Implicit Flow?
8. Explain the Client Credentials Flow — when is it used and what kind of client uses it?
9. What is PKCE (Proof Key for Code Exchange) and why is it required for public clients?
10. What is OpenID Connect (OIDC) — how does it extend OAuth2 to provide identity information?
11. What is RBAC (Role-Based Access Control) and how would you model it in a database?
12. What is ABAC (Attribute-Based Access Control) and when is it more appropriate than RBAC?
13. How would you implement authorization (roles, permissions, policies) in a Laravel application?
14. How would you implement authorization in a Go service — using middleware, policy objects, or a library like Casbin?
15. When should you choose session-based auth over JWT, considering statefulness, scalability, and revocation needs?
16. When should you choose OAuth2 over simple JWT — what does OAuth2 add that plain JWT does not provide?

Security

1. What is CORS and why do browsers enforce it — what problem does the Same-Origin Policy solve?
2. What is the difference between a simple CORS request and a preflight (OPTIONS) request — what triggers a preflight?
3. What are the important CORS response headers and what does each one control?
4. Why can you not use a wildcard Access-Control-Allow-Origin: * when the request includes credentials (cookies or Authorization header)?
5. How do cookies work — how are they set, sent, and scoped by domain and path?
6. What is the HttpOnly cookie flag and what attack does it mitigate?
7. What is the Secure cookie flag and when is it required?
8. What is the SameSite cookie attribute and why was it introduced?
9. What is the difference between SameSite=Strict, SameSite=Lax, and SameSite=None, and when would you use each?
10. What is CSRF (Cross-Site Request Forgery) — how does an attacker exploit it and what is the impact?
11. How does Laravel protect against CSRF attacks — how does the CSRF token mechanism work under the hood?
12. What is XSS (Cross-Site Scripting) — how does an attacker inject and execute malicious scripts?
13. What is the difference between Stored XSS, Reflected XSS, and DOM-based XSS?
14. What is SQL Injection — how do parameterized queries or prepared statements prevent it?
15. What is SSRF (Server-Side Request Forgery) — how can it be exploited and how do you prevent it?
16. What is Clickjacking — how does it work and how do X-Frame-Options or CSP frame-ancestors mitigate it?
17. What is rate limiting — what strategies (fixed window, sliding window, token bucket) would you implement for an API?
18. What are the OWASP Top 10 risks and which ones are most relevant to a PHP/Go backend?
19. How do you secure REST APIs — authentication, input validation, output encoding, TLS, rate limiting?
20. How do you secure file uploads — what validations and storage strategies prevent abuse?

Database

Fundamentals

1. What are database indexes, how does a B-tree index work, and what are the read/write trade-offs?
2. What is the difference between a clustered index and a non-clustered index — how does InnoDB use the primary key as a clustered index?
3. What is a covering index and how does it eliminate the need for a row lookup (table access)?
4. What is the difference between a B-Tree index and a Hash index — when is each appropriate?
5. What are the main differences between PostgreSQL and MySQL in terms of features, concurrency model, and use cases?
6. When would you choose PostgreSQL over MySQL — what specific features make PostgreSQL better for complex workloads?
7. What is JSONB in PostgreSQL — how does it differ from JSON, and when is it useful?
8. What is the difference between normalization and denormalization — when is denormalization a justified trade-off?

Query Optimization

1. How do you approach optimizing a slow SQL query — what is your step-by-step process?
2. How do you use EXPLAIN (or EXPLAIN ANALYZE) to read a query execution plan — what columns matter most?
3. What is the N+1 query problem and how do you fix it with eager loading or JOINs?
4. How do you optimize queries on tables with billions of rows — indexing strategy, partitioning, archiving?
5. What database metrics do you monitor (slow query log, index hit rate, connection pool, lock waits) and with what tools?

Transactions

1. What are the ACID properties — explain each one and why they matter for data integrity?
2. What are database isolation levels and what concurrency anomalies does each level prevent?
3. What is the difference between Read Committed, Repeatable Read, and Serializable isolation levels?
4. What is the difference between optimistic locking and pessimistic locking — when would you use each?
5. What are deadlocks — how do they occur and how do you detect, prevent, or recover from them?

Large Scale Databases

1. How would you add a new column to a table with billions of rows without causing downtime?
2. What migration risks should be considered when altering a live, high-traffic table?
3. How would you backfill data into a new column safely without locking the table or overloading the database?
4. How do online schema migration tools (gh-ost, pt-online-schema-change) work to avoid table locks?
5. How do you avoid downtime during database migrations in a zero-downtime deployment?
6. How would you design a statistics table (monthly/yearly aggregates) to serve dashboard queries efficiently?
7. How would you generate reports on a table with billions of rows without impacting the live database?
8. When would you use realtime reporting vs batch reporting — what infrastructure does each approach require?
9. When should you use materialized views and how do you keep them up to date?
10. How would you implement pre-aggregation to serve analytics queries at scale?
11. How would you partition a very large table — range, list, or hash partitioning — and what are the trade-offs?
12. What is the difference between sharding and partitioning — when does sharding become necessary?

REST API

1. What are the HTTP methods (GET, POST, PUT, PATCH, DELETE) — what do idempotent and safe mean in this context?
2. What makes an API RESTful — what are the key constraints (statelessness, uniform interface, resource-based URLs)?
3. What is the difference between HTTP 401 Unauthorized and 403 Forbidden — when should you return each?
4. What are the important HTTP status codes every backend developer should know and when is each appropriate?
5. What does it mean for an API to be idempotent — why is idempotency important for retries and safe operations?
6. What API versioning strategies exist (URL path, header, query param) and what are the trade-offs of each?
7. What pagination strategies are available (offset, cursor, keyset) and what are the trade-offs?
8. What is the difference between cursor-based pagination and offset-based pagination — why is cursor pagination better for large datasets?
9. What rate limiting strategies (fixed window, sliding window, token bucket, leaky bucket) would you implement and at what layer?
10. What are the responsibilities of an API gateway (auth, rate limiting, routing, SSL termination, logging)?

Architecture & Scalability

1. Explain the five SOLID principles and give a concrete PHP or Go example for each.
2. Explain the Dependency Inversion Principle — how does depending on abstractions rather than concretions improve testability?
3. What design patterns do you use most frequently in backend systems and why?
4. Explain the Factory pattern — what problem does it solve and how is it different from a simple constructor?
5. Explain the Strategy pattern — how does it allow swapping algorithms at runtime without modifying the caller?
6. Explain the Repository pattern — how does it decouple business logic from data access, and what are its drawbacks?
7. Explain the Observer pattern — how does it enable decoupled side effects and how does it relate to event-driven design?
8. What is Event-Driven Architecture — how does it differ from request-driven, and when is it the right choice?
9. What is CQRS (Command Query Responsibility Segregation) — what problem does it solve and what complexity does it add?
10. What is Domain-Driven Design — what are bounded contexts, aggregates, and domain events, and when is DDD worth the overhead?
11. What is Clean Architecture — how do the dependency rules between layers prevent framework and infrastructure lock-in?
12. What is Hexagonal Architecture (Ports and Adapters) — how does it differ from Clean Architecture?
13. What are the trade-offs between a monolith and microservices — when does a monolith become a problem?
14. How would you break a monolith into services — what is the strangler fig pattern and how do you avoid a distributed monolith?
15. What is eventual consistency — when is it acceptable and when do you need strong consistency?
16. What are distributed transactions — why are they hard and what alternatives exist?
17. What is the Saga pattern — how do choreography-based and orchestration-based sagas differ?
18. How would you design a scalable REST API — what decisions affect scalability from day one?
19. How would you design a booking system — how do you handle availability checks, concurrency, and double-booking prevention?
20. How would you design a POS (Point of Sale) system that must work reliably offline?

Queue, Messaging & Streaming

1. Why use a message queue instead of direct synchronous calls — what problems does async processing solve?
2. How do Laravel queues work — how are jobs dispatched, stored, consumed by workers, and retried on failure?
3. What are the main differences between SQS, RabbitMQ, and Kafka in terms of delivery model, persistence, and use cases?
4. What is the difference between a message queue and an event stream — when would you use Kafka instead of SQS?
5. What is the difference between at-least-once and exactly-once delivery — what are the implications for consumer design?
6. What is a Dead Letter Queue (DLQ) and how should you handle messages that land in it?
7. What are common retry strategies (exponential backoff, jitter) and how do you avoid retry storms?
8. What does it mean for a consumer to be idempotent — how do you design a consumer that can safely process the same message twice?
9. What is event sourcing — how does it differ from storing only the current state, and what are the trade-offs?
10. How would you architect a system that needs to process millions of jobs per day reliably?

Testing

1. What is the difference between unit, integration, and functional tests — what does each one test in isolation and what is the trade-off?
2. What is the difference between a mock, a stub, and a fake — when would you use each and how do they differ in behavior?
3. How do you test code that depends on an external API — what is the VCR pattern and when would you use it?
4. What is contract testing (e.g. with Pact) — how does it catch breaking API changes between a consumer and a provider?
5. What should be mocked in a unit test and what should never be mocked — where is the line between isolation and over-mocking?
6. How do you test an asynchronous job — how do you assert that a job was dispatched and that it produces the correct side effect?
7. How do you test an event-driven system — how do you verify that publishing an event triggers the correct downstream behavior?
8. What code coverage percentage do you target and how do you think about line coverage vs branch coverage vs mutation testing?

DevOps & Cloud

1. What does your ideal CI/CD pipeline for a PHP or Go project look like — what stages run and in what order?
2. What is the difference between blue-green deployment and canary deployment — when would you choose each?
3. How do you manage secrets and environment-specific configuration securely — what tools and practices do you follow?
4. What is the difference between Docker and Kubernetes — what problem does Kubernetes solve that Docker alone does not?
5. What is the difference between ECS and EKS on AWS — when would you choose one over the other?
6. How would you deploy a PHP (Laravel) application to production — what infrastructure, process manager, and deployment strategy?
7. How would you deploy a Go service to production — what are the considerations for binary deployment vs containerization?
8. What AWS services are commonly used in a backend system and what role does each play?
9. How does CloudFront work as a CDN — what can you cache and what are the cache invalidation strategies?
10. How does Amazon SQS work — what are its delivery guarantees and how do you handle duplicate messages?
11. What is Amazon EventBridge and when would you use it instead of SQS or SNS?
12. What is RDS Proxy and why would you use it in front of an RDS database?
13. How does Auto Scaling work on AWS — what metrics trigger scaling and what are the risks of aggressive scaling policies?
14. What is your observability strategy — how do you use logs, metrics, and traces together to debug a production issue?

Leadership

1. How do you conduct effective code reviews — what do you look for, how do you give feedback, and what is a blocking vs non-blocking comment?
2. How do you enforce coding standards on a team — what is the balance between automated tooling and human review?
3. How do you mentor junior developers — what is your approach to pairing, feedback, and growing their ownership?
4. How do you handle a developer who keeps repeating the same mistakes — how do you give feedback without damaging the relationship?
5. How do you communicate a complex technical decision to a non-technical stakeholder — what framing and language do you use?
6. How do you handle a technical disagreement within the team — how do you reach a decision when smart people disagree?
7. How do you lead an architecture discussion — how do you make sure the right voices are heard and a decision gets made?
8. How do you manage a critical production incident — what is your process from detection to resolution to post-mortem?

Bonus

1. What are the key differences between GraphQL and REST — when does GraphQL solve a real problem and when is it overkill?
2. What is gRPC and how does it differ from REST — when would you choose gRPC for service-to-service communication?
3. What is OpenTelemetry — how does it standardize instrumentation across logs, metrics, and traces?
4. What is distributed tracing — how does a trace ID propagate across services and how do you use it to debug a slow request?
5. What is the CAP Theorem — what does it mean in practice when designing a distributed system?
6. What is consistent hashing — what problem does it solve in distributed caches or sharded databases?
7. What backend technology trends (e.g. eBPF, WebAssembly, AI-assisted coding, edge compute) are you currently following and why?
skills/interview.1781517788.txt.gz · Last modified: by phong2018