30 Technical Screening Questions with Real-Time AI Answers

A hash map stores key-value pairs using a hash function for O(1) average lookup, insertion, and deletion. Keys are unordered. A tree map stores entries in a sorted red-black tree, giving O(log n) operations but maintaining keys in sorted order. Use hash map when you need fast access and do not care about order. Use tree map when you need sorted iteration or range queries.

Quicksort has O(n log n) average time complexity and O(n squared) worst case. The worst case occurs when the pivot consistently selects the smallest or largest element, creating maximally unbalanced partitions. This happens with already sorted or reverse-sorted input when using first or last element as pivot. Randomized pivot selection or median-of-three pivot strategy avoids the worst case in practice.

Use Floyd's cycle detection algorithm with two pointers. A slow pointer moves one step at a time and a fast pointer moves two steps. If there is a cycle, they will eventually meet. If the fast pointer reaches null, there is no cycle. Time complexity is O(n) and space complexity is O(1). To find the cycle start, reset one pointer to the head after detection and move both one step at a time until they meet again.

Dynamic programming solves problems by breaking them into overlapping subproblems, solving each once, and storing results to avoid redundant computation. You use it when a problem has optimal substructure (optimal solution contains optimal solutions to subproblems) and overlapping subproblems (same subproblems are solved multiple times). Classic examples include Fibonacci, knapsack, longest common subsequence, and shortest path problems.

A BST maintains the invariant that for every node, all left descendants have smaller values and all right descendants have larger values. This enables O(log n) search, insert, and delete in the balanced case. The limitation is that insertions in sorted order create a degenerate tree that becomes a linked list with O(n) operations. Self-balancing variants like AVL trees and red-black trees maintain O(log n) height guarantee.

BFS explores all neighbors at the current depth before moving deeper, using a queue. DFS explores as far as possible along a branch before backtracking, using a stack or recursion. Use BFS for shortest path in unweighted graphs, level-order traversal, and when the solution is likely near the root. Use DFS for topological sort, cycle detection, path finding in mazes, and when memory is constrained since DFS uses O(h) space versus BFS O(w) where h is height and w is width.

Use a base62 encoding of an auto-incrementing ID or a hash of the URL truncated to 7 characters. Store the mapping in a key-value store like Redis for fast lookups with a persistent database (PostgreSQL) as the source of truth. Handle collisions by appending a counter to the hash. Add a 301 redirect endpoint that looks up the short code and redirects. Scale reads with a CDN and multiple read replicas. Rate limit writes to prevent abuse. Estimated storage: 500 bytes per URL, 1 billion URLs would need about 500 GB.

The CAP theorem states that a distributed system can provide at most two of three guarantees: Consistency (all nodes see the same data), Availability (every request gets a response), and Partition tolerance (the system operates despite network failures). Since network partitions are inevitable, the real choice is between CP (consistent but may reject requests during partitions, like ZooKeeper) and AP (available but may return stale data, like Cassandra). Most modern systems choose availability and use eventual consistency.

Use the token bucket algorithm or sliding window counter. For token bucket: each user gets a bucket with a maximum capacity that refills at a fixed rate. Each request consumes one token. If the bucket is empty, reject the request. Implement with Redis using atomic operations: store the token count and last refill timestamp per user. For distributed systems, use a centralized Redis cluster. Return 429 Too Many Requests with a Retry-After header when rate limited.

Sharding horizontally partitions data across multiple database instances based on a shard key. Use it when a single database can no longer handle the write throughput or storage requirements. Choose a shard key that distributes data evenly and aligns with query patterns. Common strategies include hash-based sharding (even distribution but no range queries) and range-based sharding (supports range queries but risk of hot spots). Sharding adds complexity: cross-shard queries, rebalancing, and distributed transactions become difficult.

A load balancer distributes incoming requests across multiple backend servers. Common algorithms include round-robin (equal distribution), weighted round-robin (proportional to server capacity), least connections (routes to the server with fewest active connections), and IP hash (consistent routing for the same client). Layer 4 load balancers operate at the transport level (TCP) and are faster. Layer 7 load balancers operate at the application level (HTTP) and can make routing decisions based on URL path, headers, or cookies. Health checks remove unhealthy servers from the pool.

Microservices decompose an application into small, independently deployable services, each owning its own data and communicating via APIs. They are appropriate when you have a large team that needs to deploy different components independently, when different components have different scaling requirements, or when you need technology diversity. They add complexity: service discovery, distributed tracing, eventual consistency, and network failure handling. Start with a monolith and extract services when the pain of the monolith exceeds the pain of distribution.

SQL databases are relational with fixed schemas, ACID transactions, and SQL query language. They excel at complex queries, joins, and transactional consistency. Examples: PostgreSQL, MySQL. NoSQL databases offer flexible schemas, horizontal scalability, and are optimized for specific access patterns. Types include document stores (MongoDB), key-value stores (Redis), column-family stores (Cassandra), and graph databases (Neo4j). Choose SQL when you need consistency and complex queries. Choose NoSQL when you need horizontal scale, flexible schemas, or specific data models.

A database index is a data structure (typically a B-tree or hash table) that speeds up data retrieval by creating a fast lookup path to rows matching a query condition. Trade-offs: indexes speed up reads (SELECT with WHERE clauses) but slow down writes (INSERT, UPDATE, DELETE) because the index must be updated. They also consume additional storage. Create indexes on columns frequently used in WHERE, JOIN, and ORDER BY clauses. Avoid over-indexing tables with heavy write loads. Composite indexes should follow the left-prefix rule for optimal multi-column queries.

ACID stands for Atomicity (all operations in a transaction succeed or all fail), Consistency (a transaction brings the database from one valid state to another), Isolation (concurrent transactions do not interfere with each other), and Durability (committed transactions persist even after system failures). SQL databases provide ACID guarantees through mechanisms like write-ahead logging, locking, and MVCC (multi-version concurrency control). NoSQL databases often relax one or more ACID properties in favor of availability and partition tolerance.

Database replication copies data from a primary database to one or more replicas. Synchronous replication waits for all replicas to confirm before committing, providing strong consistency but higher latency. Asynchronous replication commits on the primary immediately and propagates changes later, providing lower latency but risking data loss if the primary fails before propagation. Read replicas handle read traffic to scale read throughput. Common patterns include single-leader (one primary, multiple replicas), multi-leader (multiple primaries, for multi-datacenter setups), and leaderless (quorum-based reads and writes, like Cassandra).

Connection pooling maintains a cache of database connections that can be reused across requests. Creating a new database connection is expensive: it involves TCP handshake, authentication, and memory allocation on the database server. A connection pool pre-creates connections and lends them to requesting threads. This reduces latency (no connection setup per request), limits database load (maximum connection count), and improves throughput. Tools like PgBouncer for PostgreSQL and HikariCP for Java are popular connection poolers. Configure pool size based on the formula: connections = (core count * 2) + effective disk spindles.

The N+1 problem occurs when code fetches a list of N records and then executes one additional query per record to fetch related data, resulting in N+1 total queries. For example, fetching 100 users and then querying each user's orders individually. Solutions: use eager loading or JOIN queries to fetch related data in a single query, use batch loading to fetch all related records in one IN clause query, or use a data loader pattern that batches and caches requests within a request cycle. ORMs often cause N+1 problems by default and provide lazy versus eager loading options.

REST uses multiple endpoints (one per resource) with HTTP methods (GET, POST, PUT, DELETE). Each endpoint returns a fixed data structure. GraphQL uses a single endpoint where the client specifies exactly which fields it needs. REST can lead to over-fetching (receiving unnecessary data) or under-fetching (needing multiple requests). GraphQL solves both by letting clients request precisely what they need. REST is simpler, more cacheable (HTTP caching works naturally), and has better tooling maturity. GraphQL is better for complex, nested data requirements and mobile apps where bandwidth matters.

HTTPS uses TLS (Transport Layer Security) on top of HTTP. The process: the client sends a ClientHello with supported cipher suites, the server responds with its certificate and chosen cipher suite, the client verifies the certificate against trusted certificate authorities, they perform a key exchange (typically using ECDHE) to establish a shared secret, and all subsequent communication is encrypted with symmetric encryption (like AES-256-GCM) using that shared secret. The initial handshake uses asymmetric cryptography (slow) to establish a symmetric key (fast) for the session.

CORS (Cross-Origin Resource Sharing) is a browser security mechanism that restricts web pages from making requests to domains other than the one that served the page. It exists to prevent malicious websites from making authenticated requests to other sites using the user's credentials. The server controls access by setting response headers: Access-Control-Allow-Origin specifies allowed origins, Access-Control-Allow-Methods specifies allowed HTTP methods, and Access-Control-Allow-Headers specifies allowed headers. Preflight OPTIONS requests are sent for non-simple requests to check permissions before the actual request.

HTTP long polling keeps a request open until the server has data, then responds and the client immediately reopens a new request. Simple but creates overhead from repeated connections. Server-Sent Events (SSE) is a one-way channel from server to client over a persistent HTTP connection. Simple, auto-reconnects, but only server-to-client. WebSocket is a full-duplex persistent connection for bidirectional communication. More complex but efficient for chat, gaming, and real-time collaboration. Use SSE for notifications and feeds, WebSocket for interactive real-time features, and long polling as a fallback when neither is available.

JWT (JSON Web Token) is a compact, URL-safe token containing a header (algorithm), payload (claims like user ID and expiration), and signature. The flow: user logs in with credentials, server validates them and returns a signed JWT, client stores the JWT (typically in memory or httpOnly cookie) and sends it with subsequent requests in the Authorization header. The server verifies the signature without querying a database. Advantages: stateless, scalable. Risks: cannot be revoked before expiration (use short expiry plus refresh tokens), size grows with claims, must use httpOnly cookies to prevent XSS theft.

Docker packages applications and their dependencies into containers, which are lightweight, isolated environments that share the host OS kernel. Unlike VMs, containers do not need a full guest OS, making them faster to start and more resource-efficient. Docker ensures consistency across development, staging, and production environments (the "it works on my machine" problem). A Dockerfile defines the container image, Docker Compose orchestrates multi-container applications, and container registries (Docker Hub, ECR) store and distribute images.

CI (Continuous Integration) automatically builds and tests code every time a developer pushes changes. CD (Continuous Deployment/Delivery) automatically deploys tested code to production or a staging environment. CI catches bugs early by running tests on every commit. CD reduces deployment risk by making deployments small and frequent rather than large and infrequent. A typical pipeline: push to Git, trigger build, run unit tests, run integration tests, build container image, deploy to staging, run smoke tests, deploy to production. Tools: GitHub Actions, GitLab CI, Jenkins, CircleCI.

Kubernetes is a container orchestration platform that automates deployment, scaling, and management of containerized applications. It provides service discovery, load balancing, auto-scaling, self-healing (restarting failed containers), rolling updates, and configuration management. Use Kubernetes when you have multiple services that need to scale independently, when you need automated failover and self-healing, or when you deploy frequently across multiple environments. It adds significant operational complexity, so it is overkill for simple applications with low scale. Consider managed services like EKS, GKE, or AKS to reduce operational burden.

Vertical scaling (scaling up) adds more resources (CPU, RAM) to an existing machine. It is simple but has physical limits and creates a single point of failure. Horizontal scaling (scaling out) adds more machines to distribute the load. It requires application design for distribution (stateless services, shared-nothing architecture) but provides theoretically unlimited scale and redundancy. Most production systems use horizontal scaling for application servers (stateless, behind a load balancer) and a combination of both for databases (vertical for writes, horizontal read replicas).

Never store secrets in code, environment variables in plain text, or version control. Use a secrets manager like AWS Secrets Manager, HashiCorp Vault, or Google Secret Manager. These provide encrypted storage, access control, automatic rotation, and audit logging. For Kubernetes, use encrypted Secrets objects or external secrets operators that sync from a secrets manager. In CI/CD pipelines, use the platform's built-in secret management (GitHub Secrets, GitLab CI variables). Rotate secrets regularly and use short-lived credentials where possible (IAM roles, short-lived tokens).