
Node

This document is a comprehensive guide for technical interview questions and answers for Node.js backend developers. It covers essential topics including core Node.js concepts, Express.js and REST API development, SQL databases, authentication and authorization, Git, Docker, architecture design, performance optimization, and real-world scenarios. Each section provides key questions along with concise answers to help candidates prepare effectively for interviews.

Uploaded by preranababali
Copyright © All Rights Reserved

Node.js Backend Developer — Technical Interview Q&A Guide

1. Core Node.js & JavaScript (ES6+)

1. What is Node.js, and why is it suitable for backend development?

Answer:
Node.js is a JavaScript runtime built on Chrome’s V8 engine. It uses an event-driven, non-blocking I/O model, which makes it efficient for handling many concurrent requests. This makes Node.js well-suited for APIs, real-time applications, and microservices where scalability and performance matter.

2. Explain the event loop in Node.js.

Answer:
The event loop allows Node.js to handle asynchronous operations. Tasks like I/O, timers, and promises are delegated to the system or worker threads. Once completed, their callbacks are queued and executed sequentially by the event loop, allowing Node.js to stay responsive without blocking the main thread.

3. Difference between var, let, and const?

Answer:

• var: Function-scoped, hoisted, can be redeclared (not recommended).
• let: Block-scoped, reassignable.
• const: Block-scoped, cannot be reassigned (preferred for safety).

Best practice: use const by default, let only when reassignment is needed.

4. What are promises and async/await?

Answer:
Promises represent the eventual result of an asynchronous operation.
async/await is syntactic sugar over promises that makes asynchronous code look
synchronous, improving readability and error handling using try/catch.

5. How does Node.js handle errors?

Answer:

• Synchronous errors: handled with try/catch
• Asynchronous errors: handled using .catch() or try/catch with async/await
• Global handlers: process.on('uncaughtException') and process.on('unhandledRejection') (used sparingly)

2. Express.js & REST API Development

6. What is Express.js and why is it commonly used?

Answer:
Express.js is a minimal Node.js framework for building web servers and APIs. It simplifies routing, middleware handling, request/response management, and integrates easily with databases and third-party libraries.

7. What is middleware in Express?

Answer:
Middleware functions sit between the request and response cycle. They can:

• Modify requests/responses
• Perform authentication
• Validate input
• Handle errors

Example: express.json() for parsing JSON bodies.

8. How do you structure a RESTful API?

Answer:

• Use nouns for endpoints (/users, /orders)
• Use HTTP methods correctly:
    o GET – fetch
    o POST – create
    o PUT/PATCH – update
    o DELETE – remove
• Keep controllers thin and business logic in services

9. What is REST and what are its key principles?

Answer:
REST (Representational State Transfer) is an architectural style. Key principles:

• Stateless requests
• Client-server separation
• Resource-based URLs
• Standard HTTP methods
• Use of HTTP status codes

10. How do you handle validation and error handling in Express?

Answer:

• Validation: libraries like express-validator or custom middleware
• Error handling: centralized error-handling middleware using next(err)
• Always return meaningful status codes and error messages

3. SQL Databases (MySQL / PostgreSQL)

11. How does Node.js connect to SQL databases?

Answer:
Using drivers or ORMs like:

• MySQL: mysql2
• PostgreSQL: pg
• ORMs: Sequelize, TypeORM, Prisma

Connections are usually managed using connection pools for performance.

12. Difference between SQL and NoSQL databases?

Answer:

• SQL: Structured schema, relational data, strong consistency (MySQL, PostgreSQL)
• NoSQL: Flexible schema, scalability, unstructured data (MongoDB)

This role focuses on SQL for transactional consistency.

13. What are joins? Explain briefly.

Answer:
Joins combine rows from multiple tables:

• INNER JOIN – matching records
• LEFT JOIN – all left records + matches
• RIGHT JOIN – all right records + matches

Used to normalize data and avoid duplication.

14. How do you prevent SQL injection?

Answer:

• Use parameterized queries
• Avoid string concatenation
• Use ORM query builders
• Validate and sanitize inputs
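
The difference between concatenation and parameterization, as an added example that is not part of the original guide. The builders return the text/values pair that pg's client.query() accepts; the users table, its columns and the function names are constructed for illustration.

```javascript
// BEFORE (vulnerable): input is spliced into the SQL text, so a quote in the
// input ends the string literal and the rest is parsed as SQL.
function findUserUnsafe(email) {
  return `SELECT id, email FROM users WHERE email = '${email}'`;
}

// AFTER: the SQL text is a constant; the input travels separately as a bound
// value and is never parsed as SQL, whatever characters it contains.
function findUserSafe(email) {
  return { text: 'SELECT id, email FROM users WHERE email = $1', values: [email] };
}

// Identifiers (column names, sort direction) cannot be bound as parameters.
// Map them through an allow-list instead of validating them with a regex.
// A Map is used so keys like "__proto__" or "constructor" cannot match.
const SORTABLE = new Map([
  ['email', 'email'],
  ['created', 'created_at'],
]);

function listUsers({ sort = 'email', dir = 'asc', limit = 20 } = {}) {
  const column = SORTABLE.get(sort);
  if (!column) throw new RangeError('unsupported sort key');
  const direction = String(dir).toLowerCase() === 'desc' ? 'DESC' : 'ASC';
  const n = Number.parseInt(limit, 10);
  if (!Number.isInteger(n) || n < 1 || n > 100) {
    throw new RangeError('limit must be between 1 and 100');
  }
  // Only allow-listed fragments reach the text; the number is still bound.
  return {
    text: `SELECT id, email FROM users ORDER BY ${column} ${direction} LIMIT $1`,
    values: [n],
  };
}
```
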

4. Authentication & Authorization (JWT, OAuth)

15. What is JWT and how does it work?

Answer:
JWT (JSON Web Token) is a stateless authentication mechanism.
Flow:

1. User logs in

2. Server issues a signed token

3. Client sends token in Authorization header

4. Server verifies token for protected routes

16. Difference between authentication and authorization?

Answer:

• Authentication: Who are you?
• Authorization: What are you allowed to do?

JWT handles authentication; role checks handle authorization.

17. What is OAuth, at a high level?

Answer:
OAuth allows users to authenticate using third-party providers (Google, GitHub) without
sharing passwords. The app receives an access token to fetch user information.

18. Where should JWTs be stored on the client?

Answer:

• Prefer HTTP-only cookies (more secure)
• Avoid localStorage for sensitive tokens due to XSS risks

5. Git & Version Control

19. Common Git commands you use daily?

Answer:

• git clone
• git pull
• git checkout -b
• git add
• git commit
• git push
• git merge / git rebase

20. Difference between merge and rebase?

Answer:

• Merge: preserves history, creates merge commits
• Rebase: rewrites history, creates a cleaner linear timeline

21. How do you resolve merge conflicts?

Answer:
Manually edit conflicting files, choose correct changes, then commit after testing.

6. Docker & DevOps Basics (Important for This Role)

22. What is Docker and why is it used?

Answer:
Docker packages applications and dependencies into containers, ensuring consistency across
development, testing, and production environments.

23. Explain a basic Dockerfile for a Node.js app.

Answer:

• Use Node base image
• Set working directory
• Copy package files
• Install dependencies
• Copy source code
• Expose port
• Run the app

24. What is the difference between Docker image and container?

Answer:

• Image: blueprint/template
• Container: running instance of an image

25. What is Docker Compose?

Answer:
It defines and runs multi-container applications (e.g., Node.js + database) using a single configuration file.

7. Architecture & Design

26. What is MVC architecture?

Answer:

• Model: data logic
• View: presentation
• Controller: request handling

In APIs, views are usually JSON responses.

27. What is a service-based architecture?

Answer:
Business logic is separated into service layers, making code modular, testable, and easier to
scale.

28. How do you ensure scalability in a Node.js application?

Answer:

• Stateless APIs
• Load balancing
• Caching
• Database indexing
• Horizontal scaling with containers

8. Performance, Debugging & Best Practices

29. How do you improve API performance?

Answer:

• Optimize database queries
• Use caching (Redis)
• Avoid blocking operations
• Use async processing
• Proper indexing

30. How do you debug a Node.js application?

Answer:

• Console logging
• Debugger tools
• Structured logging
• Monitoring errors and performance metrics

31. How do you secure a Node.js backend?

Answer:

• Input validation
• Authentication & authorization
• HTTPS
• Rate limiting
• Secure headers
• Environment variables for secrets

9. Real-World Scenario Questions

32. How would you design a login API?

Answer:

• Validate input
• Check user existence
• Compare hashed password
• Generate JWT
• Return token securely
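
The five steps above as one framework-independent handler, together with the HTTP-only cookie recommended in question 18; this is an added example, not part of the original guide. scrypt from Node's crypto module stands in for whichever password hash the application uses, and login, hashPassword, the users Map, the session cookie name and the issueToken callback are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed storage format: a per-user random salt plus a 32-byte scrypt hash.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Hashed for unknown accounts too, so response time does not reveal
// whether an e-mail address is registered.
const DUMMY = hashPassword('constructed-dummy-password');

function login(body, users, issueToken) {
  // 1. Validate input: types and lengths, before any expensive work.
  const { email, password } = body || {};
  if (typeof email !== 'string' || typeof password !== 'string' ||
      email.length < 3 || email.length > 254 ||
      password.length < 1 || password.length > 128) {
    return { status: 400, body: { error: 'invalid request' } };
  }
  // 2. Check user existence (falling back to the dummy record).
  const key = email.toLowerCase();
  const record = users.get(key) || DUMMY;
  // 3. Compare hashed password in constant time.
  const candidate = crypto.scryptSync(password, record.salt, 32);
  const matches = crypto.timingSafeEqual(candidate, record.hash);
  if (!matches || record === DUMMY) {
    // Same answer for "no such user" and "wrong password".
    return { status: 401, body: { error: 'invalid credentials' } };
  }
  // 4. Generate the JWT (delegated to the caller-supplied issuer).
  const token = issueToken({ sub: key });
  // 5. Return it in a cookie that scripts cannot read, over HTTPS only.
  return {
    status: 200,
    headers: {
      'Set-Cookie': `session=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=900`,
    },
    body: { ok: true },
  };
}
```
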

33. How would you integrate a third-party API?

Answer:

• Use HTTP client (axios, fetch)
• Handle retries and failures
• Validate responses
• Secure API keys using environment variables

34. What happens when your Node.js server crashes?

Answer:

• Use process managers (PM2)
• Implement logging and monitoring
• Restart containers automatically
• Investigate root cause via logs
