Focus: React.js, Next.js, Node.js, PostgreSQL, API Design, Security, UI/UX, Git, System Design, Debugging
- Introduction and HR Questions
- JavaScript Fundamentals
- React.js
- Next.js
- HTML and CSS
- UI/UX and Responsive Design
- Node.js and Express.js
- REST API Design
- Authentication and Security
- PostgreSQL and SQL
- Git and GitHub
- Testing and Debugging
- Performance and Scalability
- Android and Mobile Integration Basics
- Cloud and Deployment Basics
- Full Stack Project Questions
- Critical System Design
- Behavioral Questions
- Rapid Fire Questions
- Final Revision Checklist
Answer: I am a software engineer with strong backend development experience and growing full stack expertise. My core strengths are API development, database design, debugging, authentication, and building maintainable systems. I enjoy solving practical business problems and making sure software is secure, scalable, and easy to maintain. I have also been improving my frontend knowledge, especially around React, responsive UI, and integrating backend services cleanly. What interests me about this role is that it combines product thinking, full stack engineering, and real user impact through HRIS and job platform solutions.
Answer: I want to join because the company is building practical platforms like HRIS, job platforms, and networking tools, which solve real-world problems. I like working on systems that directly affect users and business operations. The technology stack also matches the direction I want to grow in, especially full stack development involving modern frontend frameworks, APIs, databases, and scalable product development.
Answer: I am a good fit because I think beyond only frontend or backend. I focus on how the entire system works together: UI, API, database, security, performance, and maintainability. I am comfortable with backend logic, debugging, and data modeling, and I can also work on frontend integration and responsive design. I also value communication, ownership, and writing clean code, which are important in a collaborative product team.
Answer: My strengths are problem solving, debugging complex issues, designing backend logic, and thinking structurally about software. I am also strong at learning new technologies quickly and turning business requirements into working systems. I care about code quality and long-term maintainability.
Answer: One weakness I have worked on is spending too much time trying to perfect an implementation early. Over time, I have become better at balancing quality with delivery speed by first shipping a clean working solution and then improving it iteratively.
Answer: I see myself becoming a strong full stack engineer who can design and build complete systems, contribute to architecture decisions, mentor junior developers, and take ownership of important product modules.
Answer:
varis function-scoped and can be redeclared and updated.letis block-scoped and can be updated but not redeclared in the same scope.constis block-scoped and cannot be reassigned after declaration.
Best practice: use const by default, and let only when the value needs to change.
Answer: Hoisting is JavaScript's behavior of moving declarations to the top of their scope before execution.
varis hoisted and initialized withundefinedletandconstare hoisted too, but they stay in the temporal dead zone until declared- Function declarations are hoisted completely
Answer: A closure happens when a function remembers variables from its outer scope even after the outer function has finished execution.
function outer() {
let count = 0;
return function inner() {
count++;
return count;
};
}
const counter = outer();Use cases: private state, callbacks, function factories, memoization.
Answer: JavaScript is single-threaded, but it handles asynchronous operations using the event loop.
- Synchronous code goes to the call stack
- Async operations like timers and I/O are handled outside the stack
- Completed callbacks go to queues
- The event loop moves them into the stack when it becomes free
Important detail:
- Promise callbacks go into the microtask queue
setTimeoutcallbacks go into the macrotask queue- Microtasks execute before macrotasks
Answer:
==compares values after type coercion===compares value and type without coercion
Best practice: always prefer ===
Answer: The primitive types are:
- string
- number
- bigint
- boolean
- undefined
- symbol
- null
Answer:
undefinedmeans a variable has been declared but not assigned a valuenullis an intentional assignment meaning "no value"
Answer:
map()transforms every item and returns a new arrayfilter()returns items that match a conditionreduce()combines array items into a single value
const nums = [1, 2, 3];
nums.map((x) => x * 2); // [2,4,6]
nums.filter((x) => x > 1); // [2,3]
nums.reduce((a, b) => a + b, 0); // 6Answer: Destructuring is a shorter way to extract values from arrays or objects.
const user = { name: "Asif", age: 25 };
const { name, age } = user;Answer:
The spread operator ... expands arrays or objects.
const a = [1, 2];
const b = [...a, 3];It is useful for copying arrays and objects and merging data immutably.
Answer: Debounce delays a function call until the user stops triggering it for a certain time.
Use cases: search input, resize events, autocomplete.
Answer: Throttle limits how often a function can run within a certain time window.
Use cases: scroll events, mouse movement, resize handlers.
Answer:
- Debounce waits until activity stops
- Throttle runs at controlled intervals during activity
Answer: React is a JavaScript library for building user interfaces using reusable components and a virtual DOM.
Answer: The virtual DOM is a lightweight JavaScript representation of the real DOM. React updates the virtual DOM first, compares changes, and then updates only the necessary parts of the real DOM. This improves performance.
Answer: Components are reusable pieces of UI. They can be functional or class-based, though modern React mainly uses functional components with hooks.
Answer: JSX is syntax that looks like HTML inside JavaScript. It allows developers to describe UI structure more clearly.
const element = <h1>Hello</h1>;Answer: State is data managed inside a component that can change over time and trigger re-renders.
Answer: Props are inputs passed from a parent component to a child component. Props are read-only.
Answer: A component re-renders when:
- its state changes
- its props change
- its parent re-renders
- context changes
Answer:
useState is a hook used to manage local component state.
const [count, setCount] = useState(0);Answer:
useEffect is used for side effects such as API calls, subscriptions, timers, and DOM updates.
useEffect(() => {
fetchData();
}, []);- No dependency array: runs after every render
- Empty dependency array: runs once after mount
- With dependencies: runs when dependencies change
Answer: Cleanup is used to remove subscriptions, clear timers, or prevent memory leaks.
useEffect(() => {
const timer = setInterval(() => {}, 1000);
return () => clearInterval(timer);
}, []);Answer:
useRef stores a mutable value that does not trigger a re-render. It is also used to access DOM elements directly.
Answer:
useMemo memoizes a calculated value so it is only recomputed when dependencies change.
Use case: expensive calculations.
Answer:
useCallback memoizes a function so its reference stays stable unless dependencies change.
Use case: preventing unnecessary child re-renders when passing callbacks.
Answer:
React.memo prevents a functional component from re-rendering if its props have not changed.
Answer:
- Use
React.memo - Use
useMemoanduseCallbackcarefully - Avoid unnecessary state
- Split components properly
- Lazy load large components
- Virtualize long lists
- Reduce expensive computations during render
Answer:
- Controlled components use React state to manage form values
- Uncontrolled components rely on the DOM directly
Best practice: controlled components are usually preferred in React forms.
Answer: Lifting state up means moving state to the nearest common parent so multiple child components can share and update it.
Answer: Prop drilling happens when props are passed through many layers of components just to reach a deep child. This can make code hard to maintain.
Solution: context API, state management libraries.
Answer: Context API allows data to be shared globally across components without passing props manually at every level.
Answer: A key helps React identify which items changed, were added, or removed.
Best practice: use unique stable IDs, not array index if the list can change.
Answer: Next.js provides:
- file-based routing
- server-side rendering
- static site generation
- API routes
- image optimization
- better SEO
- improved performance out of the box
Answer: SSR stands for Server Side Rendering. The page is rendered on the server for every request.
Use case: dynamic content, SEO-sensitive pages.
Answer: SSG stands for Static Site Generation. Pages are generated at build time.
Use case: blog posts, documentation, mostly static pages.
Answer: CSR stands for Client Side Rendering. The browser loads a basic page and then JavaScript renders the rest on the client side.
Answer:
- SSR: generated on each request
- SSG: generated at build time
- CSR: rendered in the browser
Answer: Hydration is the process where React attaches event listeners and makes server-rendered HTML interactive on the client.
Answer: Next.js lets you build backend endpoints inside the same project using API routes.
Answer:
Dynamic routing allows pages like /jobs/[id] where the page content depends on route parameters.
Answer: It fetches data on the server for each request before rendering the page.
Answer: It fetches data at build time for static generation.
Answer:
- Block elements take full width and start on a new line
- Inline elements only take the space they need
Answer:
Semantic HTML uses meaningful tags like header, footer, article, section, nav, main to improve accessibility and readability.
Answer:
idshould be unique in the documentclasscan be reused across multiple elements
Q4. Difference between display: none and visibility: hidden?
Answer:
display: noneremoves the element from the layoutvisibility: hiddenhides the element but keeps its space
Answer: The box model includes:
- content
- padding
- border
- margin
Answer:
relative: positioned relative to its normal positionabsolute: positioned relative to nearest positioned ancestorfixed: positioned relative to viewportsticky: behaves like relative until a threshold, then fixed-like
Answer:
- Flexbox is one-dimensional, good for rows or columns
- Grid is two-dimensional, good for layout with rows and columns
Answer:
z-index controls stacking order of overlapping elements. It works on positioned elements.
Answer: Responsive design means the UI adapts to different screen sizes and devices such as mobile, tablet, and desktop.
Answer: Mobile-first means designing for small screens first, then progressively enhancing for larger screens.
Answer: Because users access applications from many devices. A poor mobile experience can reduce usability, engagement, and conversions.
Answer: Breakpoints are screen width thresholds used in media queries to adjust layout and styles.
Answer: Good UI/UX means the system is:
- easy to understand
- visually clear
- accessible
- consistent
- fast
- intuitive for users
Answer:
- Too much clutter
- Poor spacing
- Weak contrast
- Not mobile-friendly
- Inconsistent buttons and forms
- No loading or error states
- Ignoring accessibility
Answer:
- clear labels
- inline validation
- helpful error messages
- proper spacing
- keyboard accessibility
- good default values when appropriate
Answer: Accessibility means designing software so people with disabilities can use it. This includes keyboard navigation, screen reader support, proper semantic HTML, and sufficient contrast.
Answer: I would use the component system for speed and consistency, but I would still customize spacing, states, validation, responsiveness, and branding so the UI matches product needs instead of feeling generic.
Answer: Node.js is a JavaScript runtime built on Chrome's V8 engine. It lets us run JavaScript on the server.
Answer: It is good for:
- event-driven systems
- I/O-heavy applications
- real-time applications
- fast API development
- using one language on both frontend and backend
Answer: Non-blocking I/O means Node.js can continue handling other tasks while waiting for I/O operations like database queries or file reads to complete.
Answer: The main JavaScript execution is single-threaded, but Node.js uses an event loop and underlying system threads for I/O operations. This lets it handle many concurrent connections efficiently.
Answer: Express.js is a lightweight web framework for Node.js used to build APIs and web applications.
Answer: Middleware is a function that runs during the request-response cycle before the final route handler.
Examples:
- logging
- authentication
- validation
- error handling
Answer:
- Synchronous code runs line by line and blocks until done
- Asynchronous code allows other operations to continue while waiting for slow tasks like I/O
Answer: Callback hell happens when multiple nested callbacks make code hard to read and maintain.
Solution: promises and async/await.
Answer: A Promise represents the result of an asynchronous operation that may complete in the future.
It has 3 states:
- pending
- fulfilled
- rejected
Answer:
async/await makes asynchronous code look cleaner and more readable than chained .then() calls.
Answer: Error handling is usually done with middleware that catches thrown errors and sends a consistent response format.
app.use((err, req, res, next) => {
res.status(500).json({ message: err.message });
});Answer: A clean structure may include:
- routes
- controllers
- services
- repositories or data access layer
- middleware
- models
- utils
- config
This separation improves maintainability and testing.
Answer: REST is an architectural style for designing web APIs using resources, HTTP methods, statelessness, and standard response codes.
Answer:
- GET: fetch data
- POST: create data
- PUT: replace full resource
- PATCH: partial update
- DELETE: remove data
Answer:
- PUT replaces the full resource
- PATCH updates part of the resource
Answer:
- 200 OK
- 201 Created
- 204 No Content
- 400 Bad Request
- 401 Unauthorized
- 403 Forbidden
- 404 Not Found
- 409 Conflict
- 422 Unprocessable Entity
- 500 Internal Server Error
Answer:
- 401 means the user is not authenticated
- 403 means the user is authenticated but not allowed to access the resource
Answer: Example endpoints:
POST /auth/registerPOST /auth/loginGET /jobsGET /jobs/:idPOST /jobsPUT /jobs/:idDELETE /jobs/:idPOST /jobs/:id/applyGET /applications/me
Answer: I validate:
- required fields
- field format
- length constraints
- business rules
- duplicate checks
- authorization rules
Validation should happen before the business logic executes.
Answer: A good API is:
- consistent
- predictable
- well-named
- secure
- properly validated
- easy to document
- uses clear error responses
Answer: Commonly by URL path such as:
/api/v1/jobs
This helps preserve backward compatibility when the API changes.
Answer: Pagination limits how much data is returned per request.
It improves:
- performance
- response time
- frontend usability
- database efficiency
Answer: They are used for:
- filtering
- sorting
- pagination
- search
Example:
GET /jobs?page=1&size=10&sort=createdAt,desc
Answer: Authentication is the process of verifying who the user is.
Answer: Authorization is the process of deciding what an authenticated user is allowed to do.
Answer: JWT stands for JSON Web Token. It is used to securely transmit user identity and claims between client and server.
It has:
- header
- payload
- signature
Answer:
- User logs in with credentials
- Server verifies credentials
- Server issues a JWT
- Client stores token
- Client sends token in Authorization header
- Server validates token on protected requests
Answer: Safer options usually involve secure HTTP-only cookies. Storing tokens in localStorage is simpler but more exposed to XSS risks.
Answer: Hashing is converting plaintext into a fixed-length string using a one-way algorithm.
Passwords should be hashed, never stored in plain text.
Answer: Salting adds randomness before hashing so identical passwords do not produce identical hashes. It helps protect against rainbow table attacks.
Answer: SQL Injection happens when malicious input changes the intended SQL query.
Prevention:
- prepared statements
- ORM parameter binding
- input validation
- least privilege DB access
Answer: Cross-Site Scripting happens when malicious scripts are injected into a page and run in another user's browser.
Prevention:
- sanitize input
- escape output
- content security policy
- avoid unsafe HTML rendering
Answer: Cross-Site Request Forgery tricks a logged-in user into making unwanted actions.
Prevention:
- CSRF tokens
- same-site cookies
- origin checks
Answer: CORS controls which domains are allowed to access backend resources from browsers.
Answer:
- authentication
- authorization
- validation
- rate limiting
- HTTPS
- proper error handling
- logging and monitoring
- secure headers
- input sanitization
- secrets management
Answer: Rate limiting restricts how many requests a client can make in a time period. It helps prevent abuse, brute force, and denial of service.
Answer: PostgreSQL is a powerful open-source relational database known for reliability, standards compliance, and advanced SQL features.
Answer: Normalization is organizing data to reduce redundancy and improve consistency.
Answer: Denormalization intentionally adds redundancy to improve read performance in some cases.
Answer: A primary key uniquely identifies each row in a table.
Answer: A foreign key creates a relationship between tables and enforces referential integrity.
Answer:
- INNER JOIN returns matching records from both tables
- LEFT JOIN returns all records from the left table and matching records from the right table
Answer: An index is a database structure that speeds up data retrieval.
Tradeoff: faster reads, slower writes, more storage.
Answer: Add indexes on:
- columns used in WHERE
- JOIN columns
- ORDER BY columns
- frequently searched columns
But avoid indexing everything because writes become more expensive.
Answer:
WHEREfilters rows before groupingHAVINGfilters grouped results after aggregation
Answer: A transaction is a group of database operations treated as one unit.
It follows ACID principles:
- Atomicity
- Consistency
- Isolation
- Durability
Answer:
GROUP BY groups rows by one or more columns so aggregate functions can be applied.
Answer:
DELETEremoves selected rowsTRUNCATEremoves all rows quicklyDROPremoves the table itself
Answer:
SELECT user_id, COUNT(*) AS total_applications
FROM applications
GROUP BY user_id
ORDER BY total_applications DESC
LIMIT 5;Answer:
SELECT j.id, j.title, c.name AS company_name
FROM jobs j
INNER JOIN companies c ON j.company_id = c.id;Answer: Main tables:
- users
- companies
- jobs
- applications
- skills
- user_skills
- saved_jobs
- notifications
This supports users, employers, job posts, applications, and future expansion.
Answer:
- inspect query plan
- add proper indexes
- avoid SELECT *
- reduce joins if unnecessary
- paginate large queries
- normalize or denormalize where appropriate
- cache repeated data
- optimize filtering and sorting columns
Answer: Git is a distributed version control system used to track changes in code.
Answer: GitHub is a platform for hosting Git repositories, collaboration, pull requests, and code review.
Answer:
git fetchdownloads changes but does not merge themgit pulldownloads and merges changes
Answer: A branch is an isolated line of development for working on features or fixes without affecting the main codebase.
Answer: A pull request is a request to merge code changes into another branch after review.
Answer: A merge conflict happens when Git cannot automatically resolve differences between branches.
Answer: Rebase moves one branch on top of another to create a cleaner linear history.
Answer:
- Merge preserves full history with a merge commit
- Rebase rewrites history for a cleaner sequence
Answer: Good commit messages improve traceability, debugging, code reviews, and team understanding.
Answer: I usually:
- reproduce the issue
- inspect logs
- check request input
- verify service logic
- inspect database query results
- test edge cases
- isolate the failing layer
- fix and retest
Answer: I inspect:
- browser console
- network tab
- component state
- props flow
- rendering conditions
- event handlers
- API response data
Answer:
- direct mutation of state
- wrong dependency array
- stale props
- memoization issue
- async state misunderstanding
Answer: I check:
- frontend bundle size
- unnecessary re-renders
- API response times
- slow DB queries
- missing indexes
- large payloads
- cache misses
- network latency
Answer:
- assess severity
- reproduce if possible
- reduce user impact
- inspect logs and monitoring
- identify root cause
- patch safely
- verify fix
- write preventive tests
- document findings
Answer: Unit testing verifies small isolated pieces of code like functions or methods.
Answer: Integration testing checks whether multiple components work together correctly, such as API and database interaction.
Answer: Tests improve confidence, catch regressions, and support refactoring.
Answer: Caching stores frequently accessed data temporarily so future requests can be served faster.
Answer:
- browser cache
- CDN
- server memory
- Redis
- database query caching in some architectures
Answer: Lazy loading delays loading non-critical resources until needed.
Examples:
- images
- routes
- heavy components
Answer: Code splitting breaks JavaScript bundles into smaller chunks so only required code is loaded.
Answer: A CDN is a distributed network of servers that delivers static content faster by serving it from locations closer to users.
Answer:
- make services stateless
- add load balancer
- scale horizontally
- use caching
- optimize queries
- offload background jobs
- use message queues if needed
Answer:
- indexing
- query optimization
- read replicas
- connection pooling
- partitioning or sharding at higher scale
- caching repeated reads
Answer: Connection pooling reuses database connections instead of creating a new one for every request, improving performance.
Answer:
- Vertical scaling: making one server stronger
- Horizontal scaling: adding more servers
Answer: A load balancer distributes incoming traffic across multiple servers to improve availability and performance.
Answer: Because many systems now serve both web and mobile users. Understanding mobile constraints helps in API design, performance, authentication, payload structure, offline support, and responsive UX decisions.
Answer:
- smaller payloads
- stable contracts
- pagination
- proper authentication
- offline retry behavior
- network efficiency
- version compatibility
Answer:
- Responsive web adapts the browser-based UI to device size
- Native mobile app is built specifically for the mobile platform and has deeper hardware integration
Answer: Cloud computing means using remote infrastructure and services over the internet instead of managing everything on local servers.
Answer:
- IaaS: infrastructure like virtual machines
- PaaS: platform to deploy apps
- SaaS: ready-to-use software over the web
Answer: Docker packages an application and its dependencies into containers so it runs consistently across environments.
Answer: CI/CD stands for Continuous Integration and Continuous Delivery or Deployment.
- CI: automatically build and test code
- CD: automatically deliver or deploy code
Answer: Different environments like development, staging, and production have different configs such as database URLs, secrets, and service endpoints.
Answer: Hardcoding secrets is insecure and makes rotation and environment management difficult.
Answer: HTTPS encrypts communication between client and server using TLS, protecting data in transit.
Answer: I would break it into modules:
- authentication pages
- job list page
- job details page
- application form
- user dashboard
- admin or recruiter dashboard
- user management
- job management
- application management
- notifications
- role-based access control
- users
- companies
- jobs
- applications
- saved jobs
- audit logs
Then I would define API contracts, validations, authorization rules, and scalable architecture.
Answer: Usually through REST APIs over HTTP, where the frontend sends requests and receives JSON responses.
Answer:
- weak validation
- inconsistent API responses
- poor state management
- no loading or error handling
- insecure authentication
- bad DB indexing
- poor folder structure
- unclear ownership of business logic
Answer:
- modular structure
- clear naming
- separation of concerns
- reusable components
- consistent response format
- tests
- proper documentation
- reviewable pull requests
Design a platform where:
- users can register and log in
- recruiters can post jobs
- job seekers can browse and apply
- users can save jobs
- admins can manage users and content
- the system should scale to many users
- the system should remain secure and maintainable
- User registration and login
- Profile management
- Recruiter creates and updates jobs
- Job seeker browses jobs
- Job seeker applies for jobs
- Recruiter sees applicants
- Search and filter jobs
- Admin dashboard
- Notifications
- Role-based access
- Fast response time
- High availability
- Secure authentication
- Scalable backend
- Efficient database queries
- Good user experience on mobile and desktop
- Observability with logs and monitoring
- Maintainable architecture
[ Client: Web / Mobile ]
|
v
[ Load Balancer / Reverse Proxy ]
|
v
[ App Servers: Next.js + Node.js API ]
|
-------------------------
| | |
v v v
[PostgreSQL] [Redis] [Object Storage]
|
v
[Read Replicas / Analytics / Search]
- React.js / Next.js
- UI library: Material UI or Ant Design
- Client-side state for UI
- API service layer for backend communication
- auth
- jobs
- profile
- applications
- dashboard
- notifications
- admin panel
- reusable components
- route-level code splitting
- lazy loading
- loading and error states
- form validation
- accessibility
- responsive layouts
- Auth Service
- User Service
- Job Service
- Application Service
- Notification Service
- Admin Service
- routes
- controllers
- services
- repositories
- models
- middleware
It separates HTTP handling, business logic, and data access, which improves testability and maintainability.
- id
- full_name
- password_hash
- role
- phone
- created_at
- updated_at
- id
- name
- website
- industry
- description
- id
- company_id
- title
- description
- location
- employment_type
- salary_min
- salary_max
- status
- created_by
- created_at
- updated_at
- id
- job_id
- user_id
- resume_url
- cover_letter
- status
- applied_at
- id
- user_id
- job_id
- created_at
- id
- user_id
- type
- message
- is_read
- created_at
- One company can have many jobs
- One user can apply to many jobs
- One job can have many applications
- One user can save many jobs
- One user can receive many notifications
POST /api/v1/auth/registerPOST /api/v1/auth/loginPOST /api/v1/auth/logoutPOST /api/v1/auth/refresh
GET /api/v1/users/mePUT /api/v1/users/me
GET /api/v1/jobsGET /api/v1/jobs/:idPOST /api/v1/jobsPUT /api/v1/jobs/:idDELETE /api/v1/jobs/:id
POST /api/v1/jobs/:id/applyGET /api/v1/applications/meGET /api/v1/jobs/:id/applications
POST /api/v1/jobs/:id/saveDELETE /api/v1/jobs/:id/save
- keyword
- location
- job type
- salary range
- company
- experience level
Start with PostgreSQL filtering and indexes. If search becomes heavy and complex, move advanced search to Elasticsearch or OpenSearch.
JWT-based auth with refresh token
- User logs in
- Server validates credentials
- Issue access token and refresh token
- Client sends access token on requests
- Refresh token used to obtain a new access token when expired
- short-lived access token
- refresh token rotation
- secure cookie if web
- password hashing with bcrypt or Argon2
- role-based access control
- job seeker
- recruiter
- admin
- only recruiter can create jobs
- only applicant can view own applications
- only admin can ban users or moderate platform data
Use Redis for:
- frequently accessed job lists
- company profile snapshots
- session or token blacklist if needed
- rate limiting counters
It reduces database load and improves response time.
For resumes or profile images:
- frontend uploads file
- backend validates file type and size
- store file in object storage
- save file URL or metadata in DB
Because databases are not ideal for serving large binary objects at scale.
- pagination on all large list endpoints
- indexed search columns
- connection pooling
- caching repeated queries
- avoid N+1 query problems
- code splitting
- image optimization
- lazy loading
- avoid unnecessary re-renders
- debounced search input
Approach:
- put app behind load balancer
- run multiple stateless backend instances
- use Redis cache
- optimize DB indexes
- separate read-heavy workloads
- use read replicas if needed
- move emails and notifications to background jobs
Use background workers for:
- sending email
- generating reports
- processing large imports
- cleanup tasks
- notification dispatch
Prevents slow operations from blocking user-facing requests.
Track:
- request latency
- error rates
- CPU and memory usage
- DB query performance
- cache hit ratio
Use:
- structured logging
- metrics dashboard
- alerts
- trace IDs if possible
- inspect slow queries
- add indexes
- optimize joins
- cache repeated reads
- scale vertically first if needed
- add read replicas later
- use multiple instances
- auto restart
- health checks
- logs and alerts
- retry mechanism
- proper error feedback
- queue uploads if appropriate
Because it is reliable, relational, supports strong queries, and fits HR/job data very well.
For a mid-level product or startup stage, a well-structured modular monolith is usually simpler, faster to build, and easier to maintain. Microservices add operational complexity too early if scale does not yet demand them.
When clear domain boundaries, team scale, deployment needs, or traffic patterns justify the complexity.
Because:
- easier deployment
- easier debugging
- fewer network boundaries
- faster development
Split services only when:
- team grows
- modules scale independently
- deployments need separation
- one module becomes bottleneck
- unauthorized access to applicant data
- weak password storage
- insecure file uploads
- brute force login attempts
- XSS in job descriptions or profiles
- SQL injection in filters
- broken access control on recruiter endpoints
- hashing and salting
- secure auth tokens
- strict authorization
- sanitization
- rate limiting
- audit logs
- file validation
Short version to say in interview:
I would design the system as a modular monolith using Next.js on the frontend, Node.js with Express on the backend, PostgreSQL as the primary relational database, and Redis for caching and rate limiting. I would define separate modules for authentication, users, jobs, applications, and notifications. The system would use JWT-based authentication with role-based authorization for job seekers, recruiters, and admins. For scale, I would keep backend instances stateless so they can scale horizontally behind a load balancer. I would add pagination, indexing, caching, and background jobs for emails and notifications. For search, I would start with PostgreSQL and introduce Elasticsearch only if advanced search requirements or heavy scale demand it. I would also prioritize observability, secure file upload, and a responsive frontend experience.
Answer Structure:
- explain the issue
- mention impact
- describe how you investigated
- explain the root cause
- describe the fix
- mention the result
Sample Answer: I faced a bug where data returned from an endpoint was inconsistent for some users. I first reproduced the issue and checked logs, request flow, and database records. After isolating the behavior, I found that the issue was caused by a mismatch between backend filtering logic and the expected UI state. I fixed the service logic, added validation for the edge case, and verified it with tests. After deployment, the issue was resolved and the data became consistent.
Answer: I handle deadlines by breaking work into smaller parts, estimating carefully, identifying risks early, and communicating clearly if tradeoffs are needed. I focus on shipping the most important and correct version first, then improving incrementally if time allows.
Answer: I try to understand the technical and communication sides of the disagreement first. Then I focus the discussion on facts, requirements, tradeoffs, and what is best for the product. I try not to make it personal and prefer collaboration over ego.
Answer: Yes. I am comfortable taking ownership of a module, understanding requirements, designing the implementation, debugging issues, and delivering it. At the same time, I know when to ask questions or align with the team so I do not make isolated decisions that affect others.
Answer: I start from fundamentals, build a small working example, read official documentation, and connect the new technology to what I already know. I learn fastest by applying it to a practical problem instead of only reading theory.
Answer: The Document Object Model is the browser representation of HTML as objects.
Answer: Not changing the original data directly; instead creating new copies with updates.
Answer: An API following REST principles using resources and standard HTTP methods.
Answer: A lightweight format for exchanging structured data.
Answer: Node Package Manager, used to install and manage JavaScript packages.
Answer: A browser security mechanism controlling cross-origin requests.
Answer: Object Relational Mapping, which helps interact with the database using objects instead of raw SQL.
Answer: Organizing database data to reduce redundancy.
Answer: Dividing data into smaller pages instead of returning everything at once.
Answer: Restricting request count over time to prevent abuse.
Answer: Using a refresh token to obtain a new access token after the old one expires.
Answer: A layout that adapts to different screen sizes.
Answer: Search Engine Optimization, improving visibility in search engines.
Answer: Loading resources only when needed.
Answer: A sequence of middleware functions processing a request before final handling.
- scopes
- closures
- hoisting
- promises
- async/await
- event loop
- array methods
- debounce/throttle
- props and state
- hooks
- re-renders
- optimization
- forms
- context
- keys
- lifecycle with
useEffect
- SSR
- SSG
- CSR
- API routes
- routing
- hydration
- SEO benefits
- Node.js basics
- Express middleware
- error handling
- API structure
- validation
- pagination
- logging
- authentication vs authorization
- JWT
- password hashing
- SQL injection
- XSS
- CSRF
- CORS
- rate limiting
- joins
- indexes
- transactions
- normalization
- query optimization
- schema design
- responsive design
- mobile first
- accessibility
- form UX
- component libraries
- architecture
- modules
- DB schema
- scaling
- caching
- search
- observability
- tradeoffs
-
Do not memorize word by word. Understand and speak naturally.
-
In technical questions, explain both concept and practical use.
-
In system design, always mention:
- requirements
- architecture
- database
- scaling
- security
- tradeoffs
-
If you do not know something fully, say what you know clearly instead of guessing wildly.
-
Think like an engineer, not just like an exam candidate.
- Tell me about yourself.
- Why this company?
- What is closure?
- Explain event loop.
- Difference between
letandconst. - What causes React re-render?
- Explain
useEffect. - Difference between
useMemoanduseCallback. - SSR vs SSG vs CSR.
- Why Next.js?
- How does Node.js handle concurrency?
- What is middleware?
- How do you design a REST API?
- PUT vs PATCH.
- 401 vs 403.
- How does JWT work?
- How do you secure an API?
- What is SQL injection?
- INNER JOIN vs LEFT JOIN.
- What is indexing?
- How do you optimize a slow query?
- What is responsive design?
- Flexbox vs Grid.
- How do you debug a production issue?
- What is caching?
- How do you scale backend services?
- How do you scale a database?
- Design a job platform.
- Why are you fit for this role?
- Tell me about a bug you solved.
Answer: You should hire me because I bring structured problem solving, strong backend fundamentals, and a growing full stack mindset. I care about clean code, secure systems, and user-focused implementation. I can contribute technically from day one, learn fast where needed, and work responsibly with both product and engineering teams. I am not just interested in writing code, I am interested in building reliable products that create real value.