IMPORTANT Backend Concepts for Interview
Interview Questions & Explanations

*Disclaimer*
Everyone learns uniquely. Learn Backend in a structured manner and master it by practically applying your skills. This Doc will help you with the same.

www.bosscoderacademy.com

Q.1 [EASY] What are the different languages present in DBMS?
The four types of DBMS languages are as follows:
Data Manipulation Language (DML): It is used to manipulate the data and consists of the commands for doing so. E.g.: SELECT, INSERT, DELETE, UPDATE, etc.

Data Definition Language (DDL): It is used to define and update the data. E.g.: TRUNCATE, ALTER, DROP, CREATE, RENAME, etc.

Data Control Language (DCL): It is used to control the access to the data. E.g.: GRANT, REVOKE, etc.

Transaction Control Language (TCL): It is used to handle the data transactions. E.g.: COMMIT, ROLLBACK, etc.

Q.2 [EASY] What are ACID properties?
ACID properties are a set of properties that ensure reliable and secure transactions among databases. To maintain data consistency, ACID properties are followed. ACID stands for Atomicity, Consistency, Isolation, Durability.
Atomicity: Either the entire transaction takes place at once or not at all.

Consistency: The database must be consistent before and after a transaction.

Isolation: No other transaction can alter the data while a transaction is in progress.

Durability: The transactions made should be durable and must persist.

Q.3 [MEDIUM] What is normalization? Explain the different types of normal forms.
Normalization is the technique that reduces data redundancy and eliminates insertion, update and deletion anomalies. It is the process of organizing data in a database by dividing a larger table into smaller tables and linking them through relationships.
Insertion Anomaly: An insertion anomaly is when one cannot insert a new tuple into a relation due to lack of data.
Deletion Anomaly: A deletion anomaly is where the deletion of data results in the unintended loss of some other important data.
Update Anomaly: An update anomaly is when an update of a single data value requires multiple rows of data to be updated.
Different types of normal forms:
1NF: It is known as the first normal form. A relation is said to be in 1NF if it contains only atomic values.
2NF: It is known as the second normal form. A relation is said to be in 2NF if it is in 1NF and each non-prime attribute is fully functionally dependent on the primary key.
3NF: It is known as the third normal form. A relation is said to be in 3NF if it is in 2NF and there is no transitive dependency.
BCNF: It is known as Boyce Codd Normal Form, which is a strict version of 3NF. A relation is said to be in BCNF if it is in 3NF and for every functional dependency X->Y, X is a super key of the table. It is also called the 3.5 Normal Form.
4NF: It is known as the fourth normal form. A relation is said to be in 4NF if it is in BCNF and there is no multivalued dependency in the table.
5NF: It is known as the fifth normal form. A relation is said to be in 5NF if it is in 4NF and it cannot be further decomposed into smaller tables.

Q.4 [EASY] What is an ER diagram?
ER diagram stands for Entity Relationship Diagram. It is a diagram that displays the different entities and the relationship among them stored inside the database.

An ER diagram provides a logical structure of the database. Creating an ER diagram for the database is a standardized procedure and is done before implementing the database.
An ER diagram is based on three concepts:
Entities: It can be defined as an object having some properties. They are represented using rectangles. Eg: Car

Attributes: The properties of an entity are called attributes. They are represented using ellipses. Eg: Car name, car mileage, car type, etc.

Relationships: Relationships are how the entities are related to each other. They are represented using lines.

Q.5 [MEDIUM] Give the resulting tables arising from applying Joins on the following tables in SQL
Employees Table:
id | name | department_id
1 | Alice | 101
2 | Bob | 102
3 | Charlie | 101
4 | David | 103

Departments Table:
id | department_name
101 | HR
102 | IT
103 | Marketing
104 | Sales

Inner Join:
Returns only the rows with matching values in both tables.
Filters out rows with no match.
SQL Query:
    SELECT employees.name, departments.department_name
    FROM employees
    INNER JOIN departments ON employees.department_id = departments.id;
Output:
name | department_name
Alice | HR
Bob | IT
Charlie | HR
David | Marketing

Left Join (Left Outer Join):
Returns all rows from the left table and the matched rows from the right table.
If there is no match in the right table, NULL values are returned.
SQL Query:
    SELECT employees.name, departments.department_name
    FROM employees
    LEFT JOIN departments ON employees.department_id = departments.id;
Output:
name | department_name
Alice | HR
Bob | IT
Charlie | HR
David | Marketing

Right Join (Right Outer Join):
Returns all rows from the right table and the matched rows from the left table.
If there is no match in the left table, NULL values are returned.
SQL Query:
    SELECT employees.name, departments.department_name
    FROM employees
    RIGHT JOIN departments ON employees.department_id = departments.id;
Output:
name | department_name
Alice | HR
Bob | IT
Charlie | HR
David | Marketing
NULL | Sales

Full Outer Join:
Returns all rows when there is a match in either the left or right table.
Includes rows with no match in either table with NULL values.
SQL Query:
    SELECT employees.name, departments.department_name
    FROM employees
    FULL OUTER JOIN departments ON employees.department_id = departments.id;
Output:
name | department_name
Alice | HR
Bob | IT
Charlie | HR
David | Marketing
NULL | Sales

Self Join:
Combines rows from a single table, treating it as two separate tables.
Often used for hierarchical data.
This query uses a manager_id column, which the Employees table above does not show.
SQL Query:
    SELECT e1.name, e2.name AS manager
    FROM employees e1
    LEFT JOIN employees e2 ON e1.manager_id = e2.id;
Output:
name | manager
Alice | NULL
Bob | NULL
Charlie | Alice
David | NULL

Q.6 [EASY] What is statelessness in REST?
In REST (Representational State Transfer), statelessness is a fundamental architectural constraint. It means that each request from a client to a server must contain all the information needed to understand and process the request. The server should not rely on any information from previous requests or sessions stored on the server.

This ensures that each request is independent and can be processed in isolation, making the system more scalable, reliable, and easier to maintain. Statelessness simplifies the communication between clients and servers, as there is no need for the server to store or manage the client's state between requests.

Each request is self-contained, enhancing the overall flexibility and scalability of the RESTful system.

Q.7 [HARD] What are Idempotent methods in REST?
Idempotent implies that the outcome of a single request remains the same, even if the request is called multiple times.

In REST API design, it is crucial to create idempotent APIs to handle potential duplicate requests from consumers and ensure fault tolerance.

REST inherently provides idempotent methods, which guarantee consistent responses regardless of the number of times a request is made.

GET, OPTIONS, TRACE, and HEAD are idempotent as they are designed for resource retrieval without altering server resource states.

PUT methods, used for resource updates, are idempotent because subsequent requests simply overwrite the same resource without changing its state.

DELETE methods are considered idempotent since the first request successfully deletes the resource (Status Code 200).

Subsequent DELETE requests return a Status Code 204, indicating no change in server resources.

DELETE may not be idempotent if it leads to multiple deletions of the same resource with each request (e.g., DELETE /user/last).

Q.8 [MEDIUM] What is CAP Theorem?
The CAP theorem (Brewer's theorem) states that a distributed system or database can provide only two out of the following three properties:

Consistency: Similar to ACID Properties, Consistency means that the state of the system before and after transactions should remain consistent.

Availability: This states that resources should always be available; there should be a non-error response.

Partition tolerance: Even when the network communication fails between the nodes in a cluster, the system should work well.

By the CAP theorem, all of these three properties cannot be achieved at the same time.

Pick two of Consistency (C), Availability (A) and Partition tolerance (P):
CP Category: There is a risk of some data becoming unavailable. Ex: MongoDB, HBase, Memcache, Bigtable, Redis
AP Category: Clients may read inconsistent data. Ex: Cassandra, RIAK, CouchDB
CA Category: Network problem might stop the system. Ex: RDBMS (Oracle, SQL Server, MySQL)

Q.9 [MEDIUM] What is SQL injection? How can we prevent it?
SQL Injection:
SQL injection is a cyber attack where an attacker injects malicious SQL code into a website's input fields, exploiting vulnerabilities in the code. The aim is to manipulate the executed SQL query, gaining unauthorized access to, modifying, or deleting data, and potentially executing administrative operations on the database.
Example:
In a login form with the SQL query:
    SELECT * FROM users WHERE username = 'input_username' AND password = 'input_password';
An attacker might input:
    input_username = 'admin' OR 1=1 --
Resulting in:
    SELECT * FROM users WHERE username = 'admin' OR 1=1 --' AND password = 'input_password';
The double hyphen (-- ) comments out the rest of the query, allowing unauthorized access.

Prevention
Input Validation
Cautious Error Messages
Logging and Monitoring
Web Application Firewalls (WAFs)
Security Audits

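
The login query from Q.9, built by string concatenation and then with bound parameters, as an added example that is not part of the original document. Parameterized queries are the standard fix for this bug and complement the prevention items listed above; the table contents, function names and the use of SQLite are assumptions made for the demonstration.

```python
import logging
import sqlite3

log = logging.getLogger("auth")


def make_db():
    """In-memory users table shaped like the query on this page (constructed rows)."""
    db = sqlite3.connect(":memory:")
    # The plaintext password column mirrors the page's query; a real system
    # stores a salted hash and compares it in application code.
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "constructed-admin-pw"), ("o'brien", "constructed-obrien-pw")],
    )
    return db


def login_concatenated(db, username, password):
    """Vulnerable form: input is pasted into the SQL text and parsed as SQL."""
    query = (
        "SELECT * FROM users WHERE username = '" + username
        + "' AND password = '" + password + "';"
    )
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened form: placeholders bind input as values, never as SQL syntax."""
    try:
        row = db.execute(
            "SELECT 1 FROM users WHERE username = ? AND password = ?",
            (username, password),
        ).fetchone()
    except sqlite3.Error:
        # Cautious error messages: details stay in the server log.
        log.exception("login query failed")
        return False
    if row is None:
        # Logging and monitoring: repeated failures are worth alerting on.
        log.warning("failed login for username=%r", username)
    return row is not None


def demo():
    db = make_db()
    payload = "admin' OR 1=1 --"  # the input shown on this page
    results = {
        "concatenated_with_payload": login_concatenated(db, payload, "wrong"),
        "parameterized_with_payload": login_parameterized(db, payload, "wrong"),
        "parameterized_valid_login": login_parameterized(
            db, "admin", "constructed-admin-pw"),
        "parameterized_apostrophe_name": login_parameterized(
            db, "o'brien", "constructed-obrien-pw"),
    }
    try:
        login_concatenated(db, "o'brien", "constructed-obrien-pw")
        results["concatenated_apostrophe_name"] = "ok"
    except sqlite3.OperationalError:
        # A legitimate name containing a quote breaks the string-built query.
        results["concatenated_apostrophe_name"] = "syntax error"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The same user name that breaks the concatenated query with a syntax error logs in normally through the parameterized one, which is why quoting problems in ordinary input are a useful early sign of injectable code.
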
Q.10 [MEDIUM] What is the difference between clustered and non clustered indexes?
Feature | Clustered Index | Non-Clustered Index
Speed | Faster | Slower
Memory Usage | Requires less memory | Requires more memory
Data Storage | Main data is the clustered index itself | Index is a copy of data
Number of Indexes Allowed | Only one per table | Multiple per table
Disk Storage | Stores data on disk | Does not inherently store data on disk
Storage Structure | Stores pointers to blocks, not data | Stores both values and pointers to data
Leaf Nodes | Actual data in leaf nodes | Leaf nodes may contain included columns, not data
Order Definition | Clustered key defines order in the table | Index key defines order in the index
Physical Order of Rows | Matches order of the clustered index | Does not necessarily match physical order on disk
Size | Large | Comparatively smaller (for non-clustered index)
Default for Primary Keys | Primary keys are clustered indexes by default | Composite keys with unique constraints act as non-clustered indexes

Q.11 [EASY] What is a web server?
A web server is a software application or hardware device that stores, processes, and delivers web pages to users' browsers. It serves as the foundation for hosting websites and handling client requests by responding with the appropriate web content.
Examples of web servers include:
Apache HTTP Server
Nginx
Microsoft Internet Information Services (IIS)
LiteSpeed Web Server
Caddy

Q.12 [MEDIUM] What is NoSQL?
NoSQL is a non-relational or distributed database. Non-relational databases store their data in a non-tabular form. Instead, non-relational databases have different storage models based on specific requirements of the type of data being stored.

For example, data may be stored as:
--> Document databases

Data is stored as documents in a format such as JSON or XML.
Each document is assigned its own unique key.
    [
      {
        "Empid": 101,
        "lastname": "Sharma",
        "firstname": "Rahul",
        "title": "Programmer",
        "titleofcourtesy": "MS.",
        "birthdate": "12-09-1997",
        "hiredate": "18-06-2010",
        "address": "Sector 19 Chandigarh",
        "postalcode": "500025",
        "country": "USA",
        "phone": "8768561213"
      }
    ]
Left Square Bracket defines the beginning of a JSON text.
Left and Right Curly Brackets enclose a JSON Object.
Colon depicts assignment of a value to a name.
"empid" is the name (column); 1 is the value (for this row).
Comma separates this first object from the next JSON object.
Example products include MongoDB, CouchDB, and BaseX.

--> Graph databases

Each element is stored as a node. It stores the data itself (Example: A person in a social media graph).

The Edge explains the relationship between two nodes. Edges can also have their own pieces of information, such as the relationship between two nodes.
Examples include Neo4J, and InfiniteGraph.
[Figure: graph with nodes Person, City and Restaurant, and edges Friends, Likes (rating, review...), LivesIn (address,...,...) and LocatedIn (address,...,...)]

--> Key Value Data-Model

In this model every data element in the database is stored as a key value pair.

The pair consists of an attribute or "key" and its corresponding value.

We can consider this model to be similar to a relational database with only two columns, the key and the value.
Example products include Redis, Berkeley DB, and Amazon DynamoDB.
Key | Value
Username | Rahul
ID | 101
State | Madhya Pradesh
Pincode | 500035

--> Column Oriented Databases

A column oriented database is organised as a set of columns.

Column-oriented storage is used to improve analytic query performance. It reduces the overall disk I/O requirements and reduces the amount of data you need to load from disk.
Example products include Redis, Berkeley DB, and Amazon DynamoDB.
Row oriented database:
Id Number | First Name | Last Name | Bonus
101 | Rahul | Sharma | 50000
102 | Keerthi | Khanna | 35000
103 | Siya | Carol | 45000
Column oriented database:
Id Number | 101 | 102 | 103 | 102
First Name | Rahul | Keerthi | Siya | Keerthi
Last Name | Sharma | Khanna | Carol | Khanna
Bonus | 50000 | 35000 | 45000 | 35000

Q.13 [EASY] How do you create a simple server in Node.js that returns Hello World?
    // Import the 'http' module
    const http = require("http");

    // Create an HTTP server
    http.createServer((req, res) => {
      // Set the response headers (HTTP status code 200 OK and content type as plain text)
      res.writeHead(200, {'Content-Type': 'text/plain'});

      // Send the response content ('Hello World' followed by a newline)
      res.end('Hello World\n');
    }).listen(3000); // Listen on port 3000

Q.14 [MEDIUM] What is MVC Architecture?
The Model-View-Controller (MVC) framework is an architectural/design pattern that separates an application into three main logical components: Model, View, and Controller.
Controller: The controller focuses on processing business logic and handling incoming requests. The controller instructs the model, manipulates data, and collaborates with the view to produce the final output.

View: Responsible for the application's UI logic, the view generates the user interface based on data collected through the controller. It interacts solely with the controller, ensuring separation of concerns.

Model: The model handles data-related logic and manages interactions with the database, responding to controller requests and providing necessary data.
MVC Design Principles:
Divide and conquer: The three components can be independently designed.
Increase cohesion: The components exhibit strong layer cohesion.
Reduce coupling: Communication channels between components are minimal and clear.
Increase reuse: Views and controllers make use of reusable components for UI controls, promoting reusability.
Design for flexibility: Changing the UI is easily achievable by modifying the view, controller, or both.

Q.15 [MEDIUM] What is API Rate Limiting? Give a few rate limiting algorithms.
API Rate Limiting:
API Rate Limiting is a technique used to control the number of requests a client (or user) can make to an API within a specified time frame. It helps prevent abuse, protect server resources, and ensure fair usage of the API. Without rate limiting, a malicious or overly aggressive client could overwhelm the API server, leading to degraded performance or even denial of service.
Rate Limiting Algorithms:
Token Bucket Algorithm:
Clients are assigned tokens at a fixed rate.
Each request consumes a token.
Requests are allowed only if the client has tokens available.
Leaky Bucket Algorithm:
Requests are added to the "bucket" at a fixed rate.
The bucket has a maximum capacity.
Requests are processed if there is capacity; otherwise, they are delayed or discarded.
Fixed Window Counter:
Counts the number of requests within fixed time windows (e.g., 1 second, 1 minute).
Resets the counter at the beginning of each window.
Sliding Window Log:
Keeps a log of timestamps for each request.
Counts requests within a sliding time window.
Adaptive Rate Limiting:
Adjusts the rate limit dynamically based on the recent traffic patterns.
Reacts to sudden spikes or drops in traffic.

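
Three of the algorithms listed in Q.15 (token bucket, fixed window counter, sliding window log) as per-client limiters, given here as an added example that is not part of the original document. The class names, the injectable clock and the limits used are assumptions chosen so the behaviour can be checked deterministically, including the burst a fixed window lets through at a window boundary.

```python
import time
from collections import defaultdict, deque


class FakeClock:
    """Manually advanced clock so the demo does not depend on real time."""
    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t


class TokenBucket:
    """`rate` tokens per second refill up to `capacity`; each request spends one."""
    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self._state = {}  # client_id -> (tokens, time of last update)

    def allow(self, client_id):
        now = self.clock()
        tokens, last = self._state.get(client_id, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        if allowed:
            tokens -= 1
        self._state[client_id] = (tokens, now)
        return allowed


class FixedWindowCounter:
    """At most `limit` requests per window; the counter resets at each window start."""
    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._count = {}  # client_id -> (window index, requests seen)

    def allow(self, client_id):
        index = int(self.clock() // self.window)
        seen_index, count = self._count.get(client_id, (index, 0))
        if seen_index != index:
            count = 0  # a new window has started
        allowed = count < self.limit
        self._count[client_id] = (index, count + 1 if allowed else count)
        return allowed


class SlidingWindowLog:
    """At most `limit` requests in any trailing `window` seconds."""
    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._log = defaultdict(deque)  # client_id -> timestamps of allowed requests

    def allow(self, client_id):
        now = self.clock()
        stamps = self._log[client_id]
        while stamps and stamps[0] <= now - self.window:
            stamps.popleft()  # drop entries that left the window
        if len(stamps) >= self.limit:
            return False
        stamps.append(now)
        return True


def boundary_burst(limiter_cls, limit=5, window=10.0):
    """Send `limit` requests just before a window edge and `limit` just after it."""
    clock = FakeClock(9.9)
    limiter = limiter_cls(limit, window, clock=clock)
    allowed = sum(limiter.allow("client-a") for _ in range(limit))
    clock.t = 10.0
    allowed += sum(limiter.allow("client-a") for _ in range(limit))
    return allowed


def token_bucket_demo():
    """1 token/second, burst of 3: four requests at t=0, then three more at t=2."""
    clock = FakeClock(0.0)
    bucket = TokenBucket(rate=1.0, capacity=3, clock=clock)
    decisions = [bucket.allow("client-a") for _ in range(4)]
    clock.t = 2.0
    decisions += [bucket.allow("client-a") for _ in range(3)]
    return decisions


if __name__ == "__main__":
    print("token bucket:", token_bucket_demo())
    print("fixed window burst:", boundary_burst(FixedWindowCounter))
    print("sliding log burst:", boundary_burst(SlidingWindowLog))
```

The fixed window admits twice the configured limit within a tenth of a second around the boundary, while the sliding log holds the client to the limit, at the cost of storing one timestamp per allowed request.
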
Q.16 [MEDIUM] How can you select which web service to use between REST and SOAP?
When deciding between SOAP and REST for web services, consider the following factors:
Nature of Data/Logic Exposure:
SOAP: Used for exposing business logic.
REST: Used for exposing data.
Formal Contract Requirement:
SOAP: Provides strict contracts through WSDL.
REST: No strict contract requirement.
Data Format Support:
SOAP: Limited support.
REST: Supports multiple data formats.
AJAX Call Support:
SOAP: No direct support.
REST: Supports XMLHttpRequest for AJAX calls.
Synchronous/Asynchronous Requests:
SOAP: Supports both sync and async.
REST: Supports only synchronous calls.
Statelessness Requirement:
SOAP: No.
REST: Yes.
Security Level:
SOAP: Preferred for high-security needs.
REST: Security depends on underlying implementation.
Transaction Support:
SOAP: Provides advanced support for transactions.
REST: Limited transaction support.
Bandwidth/Resource Usage:
SOAP: High bandwidth due to XML data overhead.
REST: Uses less bandwidth.
Development and Maintenance Ease:
SOAP: More complex.
REST: Known for simplicity, easy development, testing, and maintenance.

Q.17 [EASY] What is DRY principle in software development?
In software development, the DRY principle stands for "Don't Repeat Yourself." It's a best practice that emphasizes avoiding duplicate code. Imagine writing the same instructions for doing something twice in different parts of your program. If you need to make a change later, you'd have to update both places, increasing the risk of inconsistencies and bugs.
Here's an example:
Without DRY:
    def validate_email(email):
        if not email or "@" not in email:
            return False
        return True

    def update_profile(user, email):
        # The validation check is written out again here
        if not email or "@" not in email:
            raise ValueError("Invalid email address")
        user.email = email

    def send_confirmation_email(email):
        # ...and a third time here
        if not email or "@" not in email:
            raise ValueError("Invalid email address")
        # send email...
In this example, the email validation logic is repeated three times. Any change to this logic would require three edits, increasing the risk of errors and inconsistencies.
With DRY:
    def validate_email(email):
        if not email or "@" not in email:
            return False
        return True

    def update_profile(user, email):
        if not validate_email(email):
            raise ValueError("Invalid email address")
        user.email = email

    def send_confirmation_email(email):
        if not validate_email(email):
            raise ValueError("Invalid email address")
        # send email... using validate_email(email)
Here, we extracted the email validation logic into a separate function, validate_email. Now, any changes to this logic only need to be done in one place, ensuring consistency and reducing error-prone duplication.

Q.18 [MEDIUM] What is the difference between first party and third party cookies?
Both first-party and third-party cookies are small files stored on your computer by websites you visit. They track your activity and preferences, but they do so in different ways.
First-party cookies are created by the website you're on and can only be accessed by that website. They're like a little note that the website leaves on your computer to remember you next time you visit. They're used for things like:
Keeping track of your login information so you don't have to type it in every time
Remembering what items you've added to your shopping cart
Tailoring the website to your preferences, such as language or font size
Third-party cookies are created by a different domain than the website you're on. They're like little spies that follow you around the internet, tracking your activity on different websites. They're used for things like:
Showing you targeted advertising based on your interests
Tracking your activity across different websites to build a profile of your interests

Feature | First-party cookies | Third-party cookies
Who creates them? | The website you're on | A different domain than the website you're on
Who can access them? | Only the website that created them | Any website that uses the same third-party code
What are they used for? | Remembering your preferences, keeping you logged in, etc. | Tracking your activity for advertising and other purposes

Privacy concerns
Third-party cookies have raised concerns about privacy, as they can be used to track your activity across the internet without your knowledge or consent. Many browsers now allow you to block or delete third-party cookies.

Q.19 [MEDIUM] Describe the RESTful API design principles.
RESTful APIs follow six guiding principles:
Uniform Interface: Consistent resource naming and actions using HTTP methods (GET, POST, PUT, DELETE).
Client-Server: Separation of concerns between clients making requests and servers handling them.
Statelessness: Each request contains all information needed; servers don't "remember" past requests.
Cacheable: Resources can be cached by clients or intermediaries for better performance.
Layered System: Intermediaries can be placed between clients and servers without affecting communication.
Code on Demand (Optional): Servers can send executable code to clients to extend functionality.
These principles lead to well-designed, predictable, and scalable APIs.

Q.20 [MEDIUM] What are the SOLID principles?
The SOLID principles are a set of five principles in object-oriented design that aim to enhance the maintainability, flexibility, and scalability of software:
Single Responsibility Principle (SRP):
A class should have only one responsibility, promoting modular and understandable code.
Open/Closed Principle (OCP):
Software entities should be open for extension but closed for modification, facilitating adaptability through interfaces and abstract classes.
Liskov Substitution Principle (LSP):
Objects of a superclass should be replaceable with objects of a subclass without affecting program correctness, ensuring consistency in polymorphism.
Interface Segregation Principle (ISP):
A class should not be forced to implement interfaces it does not use, promoting focused and non-bloated interfaces.
Dependency Inversion Principle (DIP):
High-level modules should not depend on low-level modules; both should depend on abstractions, reducing coupling and improving flexibility.

Q.21 [HARD] What are the advantages and disadvantages of microservices architecture?
Microservices are an architectural style that structures an application as a collection of small, loosely coupled, and independently deployable services.

Key Concepts:
Independence: Each service has a specific business function and is developed and scaled separately.
Modularity: Breaking down a large, monolithic application into smaller, manageable pieces.
Advantages of Microservices:
Agility and Speed: Faster development and deployment cycles due to independent services.
Scalability: Individual services can be scaled up or down independently based on demand.
Resilience: Failure of one service doesn't cripple the entire app.
Technology Choice: Each service can use the best tool for the job without affecting others.
Disadvantages of Microservices:
Complexity: Increased overhead in managing infrastructure, communication, and monitoring.
Testing: Testing complex distributed systems can be challenging and time-consuming.
Debugging: Identifying and fixing issues across services can be difficult.
Cost: Initial setup and ongoing maintenance can be more expensive than monolithic.

Q.22 [MEDIUM] What is the difference between horizontal and vertical scaling?
Horizontal scaling involves adding more machines or nodes to a system to distribute the load and increase performance. Vertical scaling involves increasing the resources (CPU, RAM, storage, etc.) on a single machine to improve its performance.
Choosing between horizontal and vertical scaling depends on your specific needs. Here are some general guidelines:
Use horizontal scaling for:
Handling high workloads and surges in traffic.
Building highly resilient and available systems.
Processing large datasets efficiently.
Use vertical scaling for:
Simple workloads and applications.
Rapid deployment and testing.
Cost-efficiency for low workloads.

Feature | Horizontal Scaling | Vertical Scaling
Method | Add more machines | Add more resources to existing machine
Work distribution | Distributed across nodes | Single machine handles all workload
Flexibility & Resilience | High | Low
Management complexity | High | Low
Cost-effectiveness | High (long run) | Low (low workload)

Q.23 [MEDIUM] What is the difference between HTTP methods GET and POST?
GET: Used to request data from a specified resource, with parameters appended to the URL. It is idempotent and suitable for data retrieval.
POST: Used to submit data to a specified resource, with data sent in the request body. It is non-idempotent and suitable for actions causing side effects, like form submissions.
Example GET request:
    GET /example/resource?param1=value1&param2=value2 HTTP/1.1
    Host: example.com
Example POST request:
    POST /example/resource HTTP/1.1
    Host: example.com
    Content-Type: application/x-www-form-urlencoded

    param1=value1&param2=value2

Feature | GET | POST
Purpose | Retrieve data | Send data
Data transfer | URL parameters | Request body
Visibility | Public (in URL) | Private (hidden)
Caching | Yes | No (usually)
Bookmarks | Yes | No
Idempotency | Yes | No
Data limitation | Yes | No
Security | Less secure | More secure

Q.24 [MEDIUM] How can you maintain API Security?
Maintaining API security is crucial in today's digital landscape, where data breaches and unauthorized access can have severe consequences. Here are some key practices to keep your APIs secure:
Implement Token-based Authentication: Ensure secure access to services and resources by assigning tokens to trusted identities.
Employ Encryption and Signatures: Safeguard your data with encryption, such as TLS, and require signatures to verify the legitimacy of users accessing and modifying the data.
Identify and Address Vulnerabilities: Stay vigilant by regularly updating operating systems, networks, drivers, and API components. Utilize sniffers to detect security issues and potential data leaks.
Implement Quotas and Throttling: Set usage limits on API calls and monitor historical usage patterns. Unusual spikes in API calls may indicate misuse or errors, and implementing throttling rules can protect against abuse and potential Denial-of-Service attacks.
Utilize an API Gateway: Deploy an API gateway as a central point for managing and securing API traffic. A robust gateway enables authentication, control, and analysis of API usage.

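
A signed, expiring access token that the server can check without any stored session, as an added example that is not part of the original document. It illustrates the token and signature practices in Q.24 and the statelessness constraint from Q.6; the token layout (base64url payload, a dot, an HMAC-SHA256 signature), the function names and the key are assumptions, not a standard format.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data):
    """URL-safe base64 without padding, so the token is safe in a header."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(key, payload):
    """HMAC-SHA256 over the encoded payload, keyed with the server's secret."""
    return b64url(hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest())


def issue_token(key, subject, ttl_seconds, now=None):
    """Token = payload.signature; the payload carries the identity and its expiry."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "exp": int(now + ttl_seconds)}
    payload = b64url(json.dumps(claims, sort_keys=True).encode("utf-8"))
    return payload + "." + sign(key, payload)


def verify_token(key, token, now=None):
    """Return the subject if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload, signature = token.split(".")
        expected = sign(key, payload)
        # Constant-time comparison, done before any claim is parsed or trusted.
        if not hmac.compare_digest(signature.encode("utf-8"), expected.encode("ascii")):
            return None
        claims = json.loads(unb64url(payload))
    except ValueError:
        return None  # wrong number of parts, bad base64, bad JSON or bad encoding
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def demo():
    key = b"constructed-demo-key"  # placeholder; a real key comes from a secret store
    token = issue_token(key, "client-42", ttl_seconds=60, now=1000)
    # Constructed tampering case: new claims glued onto the old signature.
    altered_payload = b64url(json.dumps({"sub": "admin", "exp": 9999999999}).encode())
    altered = altered_payload + "." + token.split(".")[1]
    return {
        "valid": verify_token(key, token, now=1010),
        "expired": verify_token(key, token, now=1060),
        "wrong_key": verify_token(b"another-key", token, now=1010),
        "altered_claims": verify_token(key, altered, now=1010),
        "malformed": verify_token(key, "not-a-token", now=1010),
    }


if __name__ == "__main__":
    for case, subject in demo().items():
        print(f"{case}: {subject}")
```

Every rejection returns the same None, so a caller learns nothing about which check failed; the token must still travel over TLS, since the signature protects integrity and not confidentiality.
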
Q.25 [HARD] What happens when you search for something on www.google.com?
Here's a breakdown of what happens when you search on Google, focusing on the backend aspects:
Query Submission:
You enter your search term on the Google homepage.
The browser sends a GET request to Google's servers, including your search query and other information (IP address, browser type, etc.).
Processing and Parsing:
Google's web crawlers and indexing systems have already built a massive database of web pages and their content.
The query is parsed and analyzed to understand its meaning and intent. This might involve stemming, synonymization, and entity recognition.
Ranking and Retrieval:
The parsed query is matched against the indexed pages, using sophisticated algorithms like PageRank and BM25. These consider factors like relevance, authority, and freshness of the content.
A ranked list of results is generated, prioritizing the most relevant and helpful pages.
Serving the Results:
The search engine selects the top results and retrieves the necessary data from the database.
This data is formatted into HTML snippets with titles, descriptions, and links to the original pages.
The HTML response is sent back to your browser.
Displaying the Results:
Your browser receives and interprets the HTML response, displaying the search results page with the ranked snippets.
You can then click on the snippets to visit the relevant websites.
Additional Backend Considerations:
Load balancing: Google distributes requests across its vast server network to handle high search volume efficiently.
Caching: Frequently accessed data is cached to improve response times.
Personalization: Search results can be personalized based on your location, search history, and other factors.
Security: Google implements various security measures to protect user data and prevent malicious activities.
Why

Bosscoder?
750+
136% hike
2 out of 3
24LPA.
Alumni placed at Top
Product-based companies.

More than for every 

working professional.

Average package of
.
Explore More

