What are the main differences between monolithic and microservices architecture?
Monolith: Single deployable unit, tightly coupled.
Microservices: Independent, loosely coupled services with their own databases.
Trade-off: Monolith → easier to start, harder to scale. Microservices → scalable, fault-tolerant, but complex (DevOps, observability, networking).
How do you handle authentication and authorization in a distributed system?
Authentication: Verify identity (OAuth 2.0, JWT, SSO).
Authorization: Verify permissions (RBAC, ABAC, Casbin).
Best practice: Centralized auth service, tokens for communication, short-lived + refresh tokens.
What’s the difference between SQL and NoSQL databases, and when would you use each?
SQL (MySQL, Postgres): Structured schema, ACID, good for transactions.
NoSQL (MongoDB, Redis): Flexible schema, BASE, good for scalability & unstructured data.
Use SQL for banking apps, NoSQL for analytics, logs, caching.
How would you design a URL shortener like bit.ly?
Core features: Mapping long → short URL, redirection.
Data structures: Hashing (MD5, Base62).
DB choice: Key-Value (Redis, DynamoDB).
Scalability: Handle billions of requests → use sharding, caching, CDN.
Explain CAP theorem in distributed systems.
Consistency: Every read gets latest write.
Availability: Every request gets a response (even if stale).
Partition tolerance: System continues despite network failures.
👉 In practice: you can only pick 2 out of 3 (e.g., CP like Mongo, AP like Cassandra).
How do you ensure code quality in a large project?
Code reviews & pair programming.
Automated testing (unit, integration, E2E).
Static analysis & linting.
CI/CD pipelines.
Documentation & coding standards.
What is the difference between horizontal and vertical scaling?
Vertical: Add more resources (CPU/RAM) to a single machine.
Horizontal: Add more machines (clusters, load balancers).
Horizontal preferred in modern cloud-native systems (Kubernetes, AWS).
How would you handle rate limiting in an API?
Use Token Bucket or Leaky Bucket algorithm.
Middleware in API Gateway (e.g., NGINX, Kong).
Store counters in Redis for distributed enforcement.
What’s the difference between REST and gRPC?
REST: Text-based (JSON), human-readable, widely supported.
gRPC: Binary (Protocol Buffers), faster, strongly typed, good for service-to-service comms.
👉 REST for public APIs, gRPC for internal microservices.
What steps do you take when debugging a production issue?
Reproduce issue in staging (if possible).
Check logs/metrics/traces (ELK, Prometheus, Grafana).
Identify recent changes (git history, deployment logs).
Isolate root cause (DB latency? Memory leak? Bad deployment?).
Rollback if critical, fix + add tests.
Document postmortem.
Explain the difference between concurrency and parallelism.
Concurrency is about dealing with multiple tasks at once (managing context switching). Parallelism is about executing multiple tasks simultaneously using multiple processors/cores.
What is the difference between a process and a thread?
A process is an independent program with its own memory space. A thread is a lightweight unit of execution within a process, sharing memory with other threads in the same process.
How would you design a logging system for microservices?
Use centralized logging (e.g., ELK stack, Fluentd). Each service sends logs to a collector. Ensure structured logs (JSON), correlation IDs for tracing requests, and log levels for filtering.
What are some common caching strategies?
Cache-aside (lazy loading), Write-through, Write-behind, and Refresh-ahead. Each has trade-offs between latency, consistency, and complexity.
Explain the difference between strong and eventual consistency.
Strong consistency: all reads reflect the latest write. Eventual consistency: reads may be stale temporarily but will converge to the latest state eventually.
What is the difference between TCP and UDP?
TCP is connection-oriented, reliable, ordered, slower (used for HTTP, email). UDP is connectionless, faster, no guarantee of delivery (used for video streaming, DNS).
How do you avoid deadlocks in concurrent programming?
Strategies: consistent lock ordering, using timeouts, avoiding nested locks, detecting deadlocks and rolling back one transaction.
What is the difference between continuous integration, delivery, and deployment?
CI: merging code frequently with automated tests. CD (Delivery): preparing code for release automatically. CD (Deployment): automatically deploying every change to production.
How would you secure sensitive data in a database?
Encrypt data at rest and in transit, use strong access controls, rotate keys, avoid storing plain-text passwords (use bcrypt/argon2).
What are idempotent operations and why are they important in APIs?
An operation is idempotent if multiple identical requests have the same effect as one request (e.g., PUT, DELETE). Important for retries and fault-tolerance in distributed systems.
ACID
ACID is a set of properties that ensure reliable transactions in traditional relational databases (like MySQL, PostgreSQL, Oracle). It focuses on consistency and reliability.
Atomicity, Consistency, Isolation, Durability
Atomicity
“All or nothing.”
A transaction is treated as a single unit. Either all operations succeed, or none are applied.
Example: Transferring money from Account A to Account B — either both debit and credit happen, or none.
Consistency
A transaction must bring the database from one valid state to another.
All rules, constraints, and relationships remain valid.
Example: You can’t have negative balance if the schema doesn’t allow it.
Isolation
Transactions happen independently, as if they’re the only transaction running.
Prevents issues like dirty reads, non-repeatable reads, or phantom reads.
Example: Two people buying the last movie ticket simultaneously — only one succeeds.
Durability
Once a transaction is committed, it’s permanently saved, even if the system crashes.
Typically achieved through logs, backups, or replication.
👉 Summary: ACID is about strong consistency, reliability, and safety.
BASE
BASE is a set of principles often used in NoSQL databases (like Cassandra, DynamoDB, MongoDB). It focuses on scalability and availability over strict consistency.
Basically Available, Soft State. Eventual Consistency
Basically Available
The system guarantees availability (it will respond), but the data may not be the most recent.
Example: In Amazon DynamoDB, you might get slightly old data, but the system will never hang.
Soft State
The system’s state may change over time, even without new input.
Because of replication and eventual consistency, data can be “in flux” temporarily.
Eventual Consistency
The system will become consistent eventually, given enough time, but not immediately.
Example: In Cassandra, if you update a record, other replicas may take time to reflect the update.
👉 Summary: BASE is about high availability and partition tolerance, sacrificing immediate consistency.
