Full Stack Developer interview questions covering frontend, backend, databases, APIs, DevOps fundamentals, and system design — spanning beginner to advanced difficulty.
The client side runs in the user's browser and handles UI rendering, user interactions, and presentation logic (HTML, CSS, JavaScript). The server side runs on a remote machine and handles business logic, authentication, database access, and sends responses to the client.
REST (Representational State Transfer) is an architectural style for APIs using HTTP. Its key constraints include statelessness, a client-server separation, uniform interface, cacheability, layered system, and optionally code-on-demand. RESTful APIs use standard HTTP methods: GET, POST, PUT, PATCH, and DELETE.
HTTP transmits data in plain text, making it vulnerable to interception. HTTPS wraps HTTP in TLS/SSL encryption, ensuring data confidentiality, integrity, and server authentication via certificates.
Every HTML element is represented as a rectangular box composed of content, padding (space inside the border), border, and margin (space outside the border). Understanding this model is critical for layout, sizing, and spacing elements correctly.
var is function-scoped and hoisted, which can cause unexpected behavior. let is block-scoped and reassignable. const is block-scoped and cannot be reassigned after declaration, though object properties it holds can still be mutated.
A Promise represents the eventual result of an asynchronous operation, with states: pending, fulfilled, or rejected. async/await is syntactic sugar over Promises that allows asynchronous code to be written in a synchronous style, improving readability while using the same underlying mechanism.
SQL databases are relational, schema-based, and use structured tables with strong ACID guarantees — ideal for complex queries and transactional systems. NoSQL databases (document, key-value, graph, etc.) offer flexible schemas and horizontal scalability, making them better suited for unstructured data, high write throughput, or rapidly evolving data models.
CORS (Cross-Origin Resource Sharing) is a browser security mechanism that blocks requests a page makes to an origin different from its own unless the server allows them. It is handled server-side by setting headers like Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers, often via middleware in Express or similar frameworks.
The virtual DOM is an in-memory representation of the real DOM. React uses it to batch and diff changes, computing the minimal set of actual DOM updates needed, which is far more performant than directly manipulating the real DOM on every state change.
Indexes are data structures (commonly B-trees) that speed up read queries by allowing the database to find rows without a full table scan. The trade-off is increased storage usage and slower write operations (INSERT, UPDATE, DELETE) because indexes must be maintained on every change.
Authentication verifies who a user is (e.g., checking credentials to confirm identity). Authorization determines what an authenticated user is allowed to do (e.g., role-based access control for specific resources or actions).
A JSON Web Token (JWT) is a compact, self-contained token consisting of a header, payload, and signature, all Base64URL-encoded and dot-separated. The server signs it with a secret or private key; clients send the token in the Authorization header, and the server verifies the signature without requiring a session store.
Node.js runs on a single thread and uses the event loop to handle asynchronous I/O without blocking. When an async operation completes, its callback is queued and processed by the event loop, enabling Node.js to handle many concurrent connections without spawning additional threads.
Vertical scaling adds more resources (CPU, RAM) to a single server; horizontal scaling adds more server instances. Horizontal scaling introduces challenges such as session state management (requiring external stores like Redis), distributed data consistency, and the need for a load balancer.
Normalization organizes relational data into tables to eliminate redundancy and ensure data integrity, following normal forms (1NF through BCNF and beyond). Denormalization is the intentional introduction of redundancy, often justified in read-heavy systems where join performance is critical and consistency can be managed at the application level.
A WebSocket provides a persistent, full-duplex communication channel over a single TCP connection, allowing both the client and server to push data at any time. Unlike HTTP, which follows a request-response pattern and closes the connection after each exchange, WebSockets maintain an open connection ideal for real-time features like chat or live dashboards.
Microservices decompose an application into small, independently deployable services each owning its own data store, enabling independent scaling, technology diversity, and fault isolation. Trade-offs include increased operational complexity, network latency between services, challenges with distributed transactions, and the need for robust inter-service communication patterns like API gateways and message queues.
Caching can be applied at multiple layers: browser cache, CDN, API gateway, application-level (e.g., Redis for database query results), and database query cache. Cache invalidation strategies include TTL-based expiration, event-driven invalidation (purging on data change), and cache-aside (lazy loading) patterns — the choice depends on acceptable staleness and write frequency.
CI (Continuous Integration) automatically builds and tests code on every commit to catch integration errors early. CD (Continuous Delivery/Deployment) automates the release pipeline to staging or production. Together they reduce manual errors, shorten feedback loops, ensure consistent deployments, and enable teams to ship features faster with greater confidence.
© RM Full Stack & AI Engineer