Interview Prep

Appearance

Interview Prep

Target role: Senior Software Engineer (Java/Spring backend, event-driven microservices, DevOps). Typical stack coverage: Java/Spring, Kafka/JMS-family brokers (IBM MQ, ActiveMQ), ArgoCD/Kubernetes/Helm, MongoDB/Postgres/DynamoDB, a front-end (React/Angular), and observability.

This document is organized into two halves:

  1. Technical questions — grouped by topic, with hints/what-to-hit where useful
  2. Behavioral questions — STAR-format prompts for a senior backend profile

Study tip: for every question, try to tie your answer to something concrete you built. Specifics beat generalities.

TABLE OF CONTENTS

  1. Core Java
  2. Spring Boot / Spring Framework
  3. Concurrency & Multithreading
  4. Messaging — Kafka, IBM MQ, ActiveMQ, JMS
  5. Microservices & Distributed Systems
  6. System Design
  7. REST APIs & Web Services
  8. Databases (SQL + NoSQL)
  9. DevOps — CI/CD, ArgoCD, GitOps, Kubernetes, Helm
  10. Cloud (AWS)
  11. Observability — OpenTelemetry, Elasticsearch, Logging
  12. Security & Secure Coding
  13. Data Formats — Avro, JAXB/XML, JSON
  14. Testing & TDD
  15. Frontend (React / Angular / TypeScript)
  16. Algorithms & Data Structures (Warm-up)
  17. Behavioral & Leadership
  18. Questions YOU Should Ask Them

1. Core Java

  1. What's the difference between == and .equals()? Hit: reference vs value, contract between equals and hashCode.
  2. Walk me through the hashCode/equals contract. What happens if you break it?HashMap/HashSet lookups break, duplicates appear, retrieves miss.
  3. Difference between ArrayList, LinkedList, and Vector. O(1) vs O(n) access, synchronization, modern preference for ArrayList + explicit sync.
  4. HashMap vs LinkedHashMap vs TreeMap vs ConcurrentHashMap. Ordering guarantees, thread-safety, performance.
  5. How does HashMap internally work (Java 8+)? Buckets → linked list → red-black tree (treeify at 8, untreeify at 6).
  6. Checked vs unchecked exceptions. When do you throw each? Recoverable vs programmer error; Spring's tendency toward unchecked.
  7. What is the try-with-resources statement? What interface does it require? AutoCloseable.
  8. Immutability — how do you make a class truly immutable? final class, final fields, no setters, defensive copies, no leaking this.
  9. String vs StringBuilder vs StringBuffer. Immutability, thread-safety cost.
  10. What is the string pool? new String("abc") vs "abc"?
  11. Java generics — what is type erasure? Why can't you do new T()?
  12. Covariance vs contravariance — what does List<? extends T> vs List<? super T> mean? PECS (Producer Extends, Consumer Super).
  13. What is Optional and when should you NOT use it? Don't use as field or method parameter; return-type only.
  14. Streams — difference between intermediate and terminal operations. What is lazy evaluation?
  15. Explain map vs flatMap.
  16. What does parallelStream() actually do and when is it a bad idea? ForkJoinPool common pool, ordering, shared state pitfalls.
  17. Functional interfaces — name the core ones in java.util.function. Function, Predicate, Consumer, Supplier, BiFunction.
  18. Records (Java 14+) — what do they give you? When shouldn't you use them? Auto-generated equals/hashCode/toString/accessors; not for mutable state.
  19. Sealed classes/interfaces — what problem do they solve? Exhaustive pattern matching, controlled inheritance for domain types.
  20. Pattern matching for instanceof and switch — show an example.
  21. Text blocks — what are they and why do they matter for embedded JSON/SQL/XML?
  22. Virtual threads (Java 21) — what are they, how do they differ from platform threads, what about pinning?
  23. JVM memory model — heap, stack, metaspace, young gen, old gen.
  24. What is a StackOverflowError vs OutOfMemoryError? How do you diagnose each?
  25. Garbage collectors — G1 vs ZGC vs Shenandoah. When would you pick ZGC? Low-latency, large heaps.
  26. How do you analyze a memory leak in a running JVM? Heap dump → Eclipse MAT / VisualVM, histogram, dominator tree.
  27. What's the difference between final, finally, and finalize? finalize is deprecated — know that.
  28. Serialization — why is Serializable considered dangerous? Gadget chains, attack surface; prefer JSON/protobuf/Avro.
  29. Java modules (JPMS) — what problem do they solve?
  30. How do you handle null safely without wrapping everything in Optional? Objects.requireNonNull, annotations (@NonNull), defensive checks at boundaries.

2. Spring Boot / Spring Framework

Full study guide: see SPRING.md — deep dive on IoC, AOP, transactions, security, WebFlux, Cloud, Boot 3.x features.

  1. What is dependency injection and why does Spring use it?
  2. Constructor injection vs field injection vs setter injection — which does Spring recommend and why? Constructor: immutable, required deps, testable, no reflection games.
  3. @Component vs @Service vs @Repository vs @Controller — do they actually differ? Same at runtime; @Repository adds persistence-exception translation.
  4. Bean scopes — singleton, prototype, request, session. Default singleton pitfalls with mutable state.
  5. What is the Spring Bean lifecycle? @PostConstruct, InitializingBean, @PreDestroy.
  6. How does Spring Boot auto-configuration work? spring.factories / AutoConfiguration.imports, @Conditional annotations.
  7. What is @SpringBootApplication composed of? @Configuration + @EnableAutoConfiguration + @ComponentScan.
  8. Profiles — how would you configure different beans for dev/staging/prod? @Profile, spring.profiles.active.
  9. Externalized configuration — precedence order (env vars, CLI args, application.yml, etc.).
  10. What is Spring AOP and when have you used it? Cross-cutting: logging, auth, transactions.
  11. How do @Transactional boundaries work? What breaks them? Self-invocation, private methods, proxy limitations, propagation.
  12. Propagation levels — REQUIRED, REQUIRES_NEW, NESTED, SUPPORTS. Give a use case for each.
  13. What happens if you throw a checked exception from a @Transactional method? Default rollback is on unchecked — must set rollbackFor.
  14. Spring MVC request lifecycle — what happens from HTTP request to controller method?
  15. @RestController vs @Controller.
  16. How do you handle exceptions globally in Spring? @ControllerAdvice + @ExceptionHandler.
  17. What is Spring Data and how does it generate repository implementations? Proxies, method-name parsing, @Query.
  18. Actuator — what endpoints do you expose in production and which do you lock down? /health, /info, /metrics open; /env, /heapdump restricted.
  19. How would you secure a Spring Boot REST API? Spring Security, OAuth2/JWT, method security, CSRF for browser-based, CORS config.
  20. What is Spring WebFlux? When would you reach for it over Spring MVC? Reactive, non-blocking I/O, high concurrency with few threads. Note: virtual threads change this calculus.
  21. How do you write an integration test for a Spring Boot app? @SpringBootTest, @DataMongoTest, Testcontainers, @MockBean.
  22. Explain @ConfigurationProperties vs @Value. Type-safe binding vs one-off injection.
  23. Circular bean dependencies — how does Spring handle them and how do you avoid them?
  24. How does Spring Boot's embedded Tomcat/Jetty/Undertow differ? How would you tune connection/thread pools?
  25. What is a BeanPostProcessor and when would you write one?

3. Concurrency & Multithreading

  1. Runnable vs Callable vs Thread.
  2. synchronized vs ReentrantLock — when pick which? ReentrantLock for tryLock, fairness, interruptible.
  3. What is volatile and when is it sufficient (vs requiring synchronized)? Visibility only, not atomicity.
  4. What does AtomicInteger give you that volatile int doesn't? CAS-based compound ops.
  5. Executor framework — newFixedThreadPool vs newCachedThreadPool vs newSingleThreadExecutor. Unbounded queue risks.
  6. Why is Executors.newFixedThreadPool considered dangerous in production? Unbounded LinkedBlockingQueue → OOM. Prefer explicit ThreadPoolExecutor.
  7. CompletableFuture — how does it chain async operations? How do you combine multiple futures? thenCompose, thenCombine, allOf, anyOf.
  8. Deadlock — what are the four conditions, how do you prevent it?
  9. What's a race condition? Give an example.
  10. Producer-consumer pattern using a BlockingQueue.
  11. What is the ForkJoinPool and work-stealing?
  12. ConcurrentHashMap internals — how does it achieve thread safety without full locking? Per-bucket locks (Java 8+).
  13. Virtual threads — what workloads benefit? What should you avoid? Good: blocking I/O. Bad: CPU-bound, long synchronized blocks (pinning).
  14. ThreadLocal — when have you used it? What's the leak risk in thread pools?

4. Messaging — Kafka, IBM MQ, ActiveMQ, JMS

Deep-dive companion: DISTRIBUTED_SYSTEMS.md — Parts 3 (messaging fundamentals), 4 (Kafka deep dive), and 5 (IBM MQ / ActiveMQ / RabbitMQ / JMS) expand every question below with concepts, diagrams, Spring code, and model answers.

This is your strongest territory. Expect deep questions here.

Kafka

  1. Explain Kafka's architecture — broker, topic, partition, consumer group.
  2. How does Kafka guarantee ordering? At what scope? Within a partition only.
  3. What determines which partition a message goes to? Key hash, or round-robin if no key.
  4. Consumer groups — what happens when a new consumer joins? When one crashes? Rebalance, partition reassignment.
  5. Delivery semantics — at-most-once, at-least-once, exactly-once. How is each achieved? Producer acks, idempotent producer, transactions.
  6. What is the difference between acks=0, acks=1, and acks=all?
  7. Kafka retention — log-based vs compacted topics.
  8. What is a dead-letter topic and how would you set one up?
  9. How do you handle a poison-pill message in a consumer? Error handler, retry template, DLT.
  10. How would you design a Kafka consumer that processes 10k+ msgs/day reliably? Idempotency, commit-after-process, DLT, monitoring lag.
  11. Consumer lag — how do you monitor and alert on it?
  12. Schema evolution — backward vs forward vs full compatibility. Which does Avro default to and why does that matter?
  13. What is the schema registry's role?
  14. When would you NOT use Kafka? Small volume pub/sub, request/reply, strong transactional needs across heterogeneous systems.

IBM MQ / JMS / ActiveMQ

  1. What is JMS and how does Spring integrate with it? JmsTemplate, @JmsListener, MessageConverter.
  2. Queue vs topic (JMS model).
  3. How does IBM MQ differ from Kafka architecturally? Broker-centric, per-message ack, transactional, not log-based.
  4. Persistent vs non-persistent messages in IBM MQ.
  5. What is a backout queue and when is a message moved there?
  6. How did you integrate IBM MQ with your Spring Boot app? Connection factory, listener container, error handling. — Be ready to walk through a real integration you've built.
  7. XA / distributed transactions across MQ and DB — when do you need them? What's the cost?
  8. How would you guarantee no message loss between IBM MQ and AWS ActiveMQ in a bridge/migration scenario?
  9. How do you handle message redelivery / poison messages in ActiveMQ?
  10. When would you choose IBM MQ over Kafka, or vice versa? Legacy integration, transactional guarantees, mainframe interop → MQ. High-throughput event streaming → Kafka.

5. Microservices & Distributed Systems

Deep-dive companion: DISTRIBUTED_SYSTEMS.md — Parts 1 (fundamentals: CAP, PACELC, consistency, clocks), 2 (replication, consensus, partitioning), 6 (microservices patterns), and 7 (resilience) cover every topic below with full worked answers, plus Part 9 system-design drills.

  1. What's the difference between a monolith and microservices? When is a monolith the right choice?
  2. What problems does a service mesh solve? mTLS, retries, traffic shifting, observability.
  3. Synchronous (REST) vs asynchronous (event-driven) communication — tradeoffs.
  4. Circuit breaker pattern — how does it work? Closed → open → half-open. Resilience4j.
  5. Retry pattern — why is naive retry dangerous? Retry storms, idempotency requirements, exponential backoff + jitter.
  6. Saga pattern — orchestration vs choreography. When to use each.
  7. Distributed transactions — two-phase commit vs saga vs outbox pattern.
  8. Outbox pattern — what problem does it solve? Dual-write between DB and message broker.
  9. Idempotency — how do you make a POST endpoint idempotent? Idempotency keys, dedup stores.
  10. CAP theorem — explain with a concrete example.
  11. Eventual consistency — when is it acceptable? How do you explain it to a non-technical stakeholder?
  12. Service discovery — client-side vs server-side. Examples.
  13. API gateway — what does it do and what are the pitfalls? Single point of failure, feature creep.
  14. How do you version a REST API in a microservices world? URL versioning, header versioning, deprecation strategy.
  15. How do you correlate logs across microservices for a single user request? Correlation IDs, W3C trace context, OpenTelemetry.
  16. How do you deploy a breaking database schema change across 6 microservices that all read that table? Expand-contract, backward-compatible intermediate schema.
  17. What happens when a downstream service is slow? How do you prevent cascading failure? Bulkheads, timeouts, circuit breakers.
  18. Service-to-service auth — mTLS vs JWT vs OAuth2 client credentials. Tradeoffs.

6. System Design

Expect one mid-depth design problem (~30–45 min). Framework: clarify → requirements (functional + non-functional) → API → data model → high-level architecture → deep-dive on 1–2 components → scaling/failure modes.

Likely prompts for a senior backend profile

  1. Design a system that ingests 10k+ transactions/day from IBM MQ and routes to downstream microservices. Classic legacy-MQ integration prompt. Be ready to whiteboard it.
  2. Design a message bridge between IBM MQ (on-prem) and AWS ActiveMQ. Network isolation, security, failover, dedup.
  3. Design a centralized logging/observability pipeline for 20+ microservices. OpenTelemetry → collector → Elasticsearch/Kibana.
  4. Design a GitOps deployment system for 10+ microservices across dev/staging/prod. ArgoCD ApplicationSet, Helm, secret management (Sealed Secrets / External Secrets).
  5. Design a URL shortener. Classic. Base62, hash collisions, analytics pipeline, cache.
  6. Design a rate limiter. Token bucket vs leaky bucket vs sliding window. Where to put it (gateway vs sidecar).
  7. Design a notification system (email + SMS + push). Queue, fan-out, retries, user prefs.
  8. Design a file upload service with virus scanning. Pre-signed URLs, scan queue, quarantine.
  9. Design an audit log service for a regulated environment. Append-only, tamper-evident, retention policies.
  10. Design a schema registry and evolution workflow for a multi-team Kafka environment. Pairs with cross-team schema-standardization work.

Questions they might ask during system design

  • How would this handle 10x traffic?
  • Where's the single point of failure?
  • What's your data partitioning strategy?
  • How do you handle a brief region outage?
  • How do you migrate from the old system without downtime?
  • What does the rollback plan look like?
  • What's your caching strategy and cache invalidation policy?
  • What metrics would you alert on?

7. REST APIs & Web Services

  1. What makes an API "RESTful"? Stateless, resource-oriented, uniform interface, HATEOAS (often skipped in practice).
  2. Idempotency of HTTP methods — which are idempotent? GET, PUT, DELETE, HEAD. POST is not.
  3. When do you use PUT vs PATCH vs POST?
  4. HTTP status codes — what's the difference between 401 and 403? 401 = unauthenticated, 403 = authenticated but forbidden.
  5. When would you return 202 vs 200? Async processing accepted.
  6. How do you design pagination? Offset/limit vs cursor-based; tradeoffs.
  7. How do you handle partial failure in a bulk API? 207 Multi-Status, per-item errors.
  8. What is HATEOAS and when is it actually useful?
  9. API versioning strategies and migration.
  10. How do you document an API? OpenAPI/Swagger, Postman collections — and a habit of maintaining them per endpoint.
  11. gRPC vs REST — when pick each? Internal service-to-service, streaming, strict contracts → gRPC.

8. Databases (SQL + NoSQL)

SQL (Postgres, MySQL, SQL Server)

  1. ACID — explain each letter with a concrete example.
  2. Isolation levels — read uncommitted, read committed, repeatable read, serializable. What anomalies does each prevent? Dirty read, non-repeatable read, phantom read.
  3. What is MVCC and how does Postgres use it?
  4. Indexes — B-tree vs hash vs GIN. When do indexes hurt you? Write amplification, bloat.
  5. Covering index — what is it?
  6. When would you denormalize?
  7. EXPLAIN/EXPLAIN ANALYZE — how do you read a query plan?
  8. N+1 query problem — how do you spot and fix it in JPA/Hibernate? JOIN FETCH, entity graphs, @BatchSize.
  9. Connection pooling — why, and what happens when the pool is exhausted? HikariCP defaults.
  10. Pessimistic vs optimistic locking. Give a use case for each.
  11. Transactions — what happens if the client disconnects mid-transaction?

NoSQL (MongoDB, DynamoDB)

  1. When would you pick MongoDB over Postgres? Flexible schema, document-oriented data, horizontal scale with sharding.
  2. MongoDB indexes — how does compound index prefix matching work?
  3. MongoDB transactions — what are the limitations? Replica set required, performance cost.
  4. DynamoDB — partition key vs sort key. What is a hot partition?
  5. DynamoDB — GSI vs LSI, and the consistency guarantees of each.
  6. DynamoDB — single-table design, what problem does it solve?
  7. How do you model a one-to-many relationship in DynamoDB?
  8. Read capacity units / write capacity units — on-demand vs provisioned.

Cross-cutting

  1. How do you migrate a zero-downtime schema change for a column rename? Dual-write → backfill → dual-read → cutover → cleanup.
  2. When would you use a cache (Redis) in front of a DB? What are the invalidation strategies? Cache-aside, write-through, write-behind.

9. DevOps — CI/CD, ArgoCD, GitOps, Kubernetes, Helm

CI/CD & GitOps

  1. What is GitOps and how does ArgoCD implement it? Git as source of truth, declarative, pull-based reconciliation.
  2. ArgoCD — what does sync policy automated + selfHeal + prune actually do?
  3. What's the difference between push-based (Jenkins) and pull-based (ArgoCD) deployments?
  4. How does ArgoCD detect drift? Continuous reconciliation loop, compares live state to Git.
  5. App-of-apps vs ApplicationSet — when use each? ApplicationSet generates apps from a matrix/cluster/git generator; scales better.
  6. How do you drive a 99%+ deployment success rate? What metrics would you track? DORA four keys: deployment frequency, lead time, change failure rate, MTTR.
  7. Rollback strategy with ArgoCD — how? Git revert (source of truth), or argocd app rollback.
  8. Blue/green vs canary vs rolling deployments — tradeoffs. Argo Rollouts for canary.
  9. GitHub Actions — how do you structure workflows for build, test, scan, deploy?
  10. How do you handle secrets in GitOps? Sealed Secrets, External Secrets Operator, SOPS, Vault.

Kubernetes & Helm

  1. Pod vs Deployment vs StatefulSet vs DaemonSet.
  2. Deployment vs StatefulSet — when need StatefulSet? Stable network ID, stable storage, ordered startup — databases, Kafka.
  3. Service types — ClusterIP, NodePort, LoadBalancer, ExternalName. Ingress vs Service.
  4. What is a ConfigMap vs Secret, and how do you mount them?
  5. Liveness vs readiness vs startup probes — what happens on failure of each?
  6. What is a Horizontal Pod Autoscaler? What metrics can it scale on?
  7. Resource requests vs limits — what happens if you exceed each? CPU throttled, memory OOMKilled.
  8. Pod eviction — when does the kubelet evict? Node pressure, priority classes.
  9. Network policies — what problem do they solve?
  10. How does a Helm chart work? What's the templating engine? Go templates. values.yaml, Chart.yaml, _helpers.tpl.
  11. Helm hooks — pre-install, post-upgrade. Use case? Migrations, CRD installation.
  12. How do you share a Helm chart across 5+ microservices? Umbrella chart, library chart, chart dependencies.
  13. OpenShift vs vanilla Kubernetes — what's different? SCCs, Routes, oc CLI, built-in registry, opinionated.
  14. How does OpenShift's SCC (Security Context Constraints) differ from Pod Security Standards?
  15. What is a CRD and an Operator? When would you build one?
  16. Debugging — pod is CrashLoopBackOff. Walk me through what you check. kubectl describe pod, kubectl logs --previous, events, resource limits.
  17. Debugging — pod is ImagePullBackOff. Common causes? Wrong image name/tag, registry auth missing, network issue.

Docker

  1. Multi-stage Docker build — why? Small runtime image, no build tools in prod.
  2. What is layer caching? How do you order Dockerfile instructions to maximize cache hits?
  3. Distroless vs Alpine vs Ubuntu base images — tradeoffs.
  4. What's the difference between ENTRYPOINT and CMD?
  5. Docker Compose — when would you still use it? Local dev, simple single-host.

10. Cloud (AWS)

  1. EC2 vs ECS vs EKS vs Lambda — when pick each?
  2. IAM — difference between a role, a user, and a policy. How does a pod on EKS assume an AWS role? IRSA (IAM Roles for Service Accounts).
  3. S3 — storage classes, lifecycle policies, versioning, bucket policies vs ACLs.
  4. S3 pre-signed URL — what problem does it solve?
  5. SQS vs SNS vs EventBridge — when use each?
  6. SQS — standard vs FIFO.
  7. VPC — public vs private subnet, NAT gateway, security group vs NACL.
  8. CloudFront — how does it work with S3 / with an ALB?
  9. How do you monitor costs? Cost Explorer, budgets, tags.
  10. How would you migrate an on-prem Spring Boot app to AWS? Lift-and-shift vs replatform vs refactor. ECS/EKS/ElasticBeanstalk tradeoffs.

11. Observability — OpenTelemetry, Elasticsearch, Logging

  1. Three pillars of observability — logs, metrics, traces. What does each answer?
  2. What is OpenTelemetry and what does it standardize? Vendor-neutral API/SDK/protocol (OTLP).
  3. Distributed tracing — what is a span, a trace, and a trace context?
  4. How do you propagate trace context across service boundaries? W3C traceparent header.
  5. Structured logging — why JSON logs matter.
  6. How do you correlate a log line with a trace? Inject trace_id / span_id into MDC.
  7. Elasticsearch — what is an inverted index?
  8. ES — shard vs replica. How do you size them?
  9. ES — how do you handle mapping explosions?
  10. Metrics — counter vs gauge vs histogram vs summary. When pick each?
  11. USE method vs RED method — when apply each? USE (Utilization, Saturation, Errors) for resources; RED (Rate, Errors, Duration) for services.
  12. What SLIs/SLOs would you set for a REST API?
  13. How do you alert on a distributed system without causing alert fatigue? Symptom-based alerts on SLOs, not every resource.

12. Security & Secure Coding

  1. OWASP Top 10 — name as many as you can, with a Spring mitigation for each. Injection, broken auth, sensitive data exposure, XXE, broken access control, security misconfig, XSS, insecure deserialization, vulnerable components, insufficient logging.
  2. SQL injection — how does parameterized JDBC/JPA prevent it? When do you still have risk? String-built JPQL, native queries with concatenation.
  3. XXE — how do you disable it in JAXB / DocumentBuilder? Set the secure-processing feature, disable external DTDs and entities.
  4. CSRF vs CORS — what does each protect against?
  5. How does JWT work? What's the difference between a JWT and a session cookie?
  6. JWT pitfalls — alg: none, key confusion, long expirations, no revocation.
  7. OAuth2 flows — authorization code (with PKCE), client credentials, device code. Use cases.
  8. mTLS — how does it differ from one-way TLS? When require it?
  9. Secret management — why is committing a .env file bad even in a private repo?
  10. Supply chain security — SBOM, Dependabot, Snyk, OWASP Dependency Check. Know what each catches and where it fits in CI.
  11. How do you handle PII in logs? Redaction, structured logging with allowlists.
  12. What is the principle of least privilege and how do you apply it in Kubernetes? RBAC, SAs per workload, NetworkPolicies, no root containers.
  13. Container security — what does runAsNonRoot: true do? What is a rootless container?
  14. How do you rotate secrets without downtime?
  15. Log4Shell — what was the vuln and how did you mitigate it? JNDI lookup in log messages; upgrade or disable lookups.

13. Data Formats — Avro, JAXB/XML, JSON

  1. Why Avro over JSON for Kafka? Schema enforcement, compact binary, schema evolution.
  2. Schema evolution — what's a backward-compatible change vs a breaking change in Avro? Adding field with default = backward; removing required field = breaking.
  3. Standardizing Avro schemas across several teams — what are the common pitfalls? Type mismatches, naming, enum drift, missing defaults.
  4. Schema registry — subject naming strategies (TopicName, RecordName, TopicRecordName).
  5. JAXB — what's the difference between XML-first (XSD → Java) and Java-first (annotations)? XSD-first gives strict schema validation; Java-first is quicker for internal types.
  6. When would you migrate from a templating engine (e.g., Thymeleaf) to JAXB for XML output? Templating is error-prone for XML; JAXB gives schema validation and type safety.
  7. How do you handle XML namespaces in JAXB? @XmlSchema, package-info.java.
  8. XML vs JSON vs Protobuf vs Avro — when use each?
  9. How do you prevent XXE in JAXB? Set XMLInputFactory properties, disable external entities.

14. Testing & TDD

  1. TDD cycle — red, green, refactor. What's the hardest part in practice?
  2. Unit vs integration vs end-to-end — what's the right ratio? Test pyramid.
  3. Mockito — what's the difference between mock, spy, @Mock, @InjectMocks?
  4. When do you mock vs use a real collaborator? Mock at architectural boundaries; real for POJOs / value objects.
  5. verify() vs assert — what's the philosophical difference? Behavior vs state.
  6. Testcontainers — why use it over H2/embedded Mongo? Real engine, avoids false positives.
  7. How do you test a Kafka consumer? Embedded Kafka, Testcontainers Kafka, @KafkaListener + CountDownLatch.
  8. How do you test a @Transactional rollback?
  9. Flaky tests — how do you diagnose? Shared state, timing, external deps, test ordering.
  10. Code coverage — is 100% the goal? No — meaningful assertions matter; chase value, not the number.
  11. Contract testing — what is Pact and when use it?
  12. What's your review checklist for PRs with a TDD focus? Tests-before-fix, failure-mode coverage, mock boundaries, assertion specificity.

15. Frontend (React / Angular / TypeScript)

React

  1. Class components vs function components + hooks.
  2. useState vs useReducer — when switch?
  3. useEffect — what goes in the dep array, what are common pitfalls? Missing deps, infinite loops, stale closures.
  4. useMemo vs useCallback — what do they actually do?
  5. How do you lift state up? When do you reach for Context vs Redux vs Zustand?
  6. React re-render triggers — why did my component re-render?
  7. Keys in lists — why do they matter?

Angular (legacy but on your resume)

  1. Angular vs AngularJS — why is the migration painful? Full rewrite, different component model.
  2. Dependency injection in Angular — hierarchical injectors.
  3. Observables vs Promises — why RxJS?

TypeScript

  1. interface vs type — when use each?
  2. unknown vs any — why prefer unknown?
  3. Generics in TS — practical use case.
  4. Structural typing — what's surprising about it?

Cross-cutting

  1. How do you handle loading states and error boundaries for an async API call?
  2. How would you reduce an Angular/React bundle size? Code splitting, lazy routes, tree shaking, analyzer.

16. Algorithms & Data Structures (Warm-up)

Not a LeetCode-heavy profile, but expect 1–2 warm-ups:

  1. Reverse a linked list. Iterative + recursive.
  2. Two-sum. Hash map, O(n).
  3. Valid parentheses. Stack.
  4. Merge two sorted lists / arrays.
  5. Find duplicates in an array. Set, or Floyd's cycle if constrained.
  6. LRU cache. LinkedHashMap with accessOrder=true, or doubly-linked list + hash map.
  7. Top K frequent elements. Heap or bucket sort.
  8. Given a stream of events, return the top N by count in the last hour. Sliding window + heap — a natural fit for messaging workloads.
  9. Binary search on a rotated sorted array.
  10. BFS vs DFS — when use each?

Practice: speak your thinking out loud, state brute force first, discuss complexity, then optimize.

17. Behavioral & Leadership

Use STAR (Situation, Task, Action, Result). Quantify where you can — reach for concrete numbers (throughput, deploy rate, defect reduction).

Ownership & Impact

  1. Walk me through a project you're most proud of. Candidates: a legacy MQ integration, a cross-team schema standardization, an XML-schema migration.
  2. Tell me about a time you identified a problem no one else saw. — Inconsistent schemas drifting across several teams is a classic.
  3. Describe a time you shipped something under tight deadlines.
  4. What's the most technically challenging problem you've solved?
  5. Tell me about a decision you made that had long-term impact on a system.

Conflict & Disagreement

  1. Tell me about a time you disagreed with a teammate/architect. How did you resolve it?
  2. How do you handle code review pushback from a senior engineer you disagree with?
  3. Describe a time you had to push back on a product/business stakeholder.
  4. Tell me about a conflict between two team members you mediated. — Mentorship/lead angle.

Failure & Learning

  1. Tell me about a time you broke production. Be honest, focus on RCA and prevention. What monitoring/tests you added after.
  2. Describe a project that failed or missed expectations. What did you learn?
  3. Tell me about a piece of code you shipped that you later regretted. Why?
  4. Tell me about feedback you received that was hard to hear.

Leadership, Mentorship, Collaboration

  1. Tell me about a time you mentored a cohort of interns or juniors. Sprint length, standups, PR review cadence, curriculum.
  2. How would you improve sprint completion from 60% to 85%? Walk through the specific levers you'd pull.
  3. Describe your PR review philosophy. TDD focus, defect reduction — what specifically do you look for?
  4. How do you onboard a new developer to a complex codebase?
  5. Tell me about a time you influenced a technical decision without formal authority.
  6. How do you balance mentoring with delivering your own work?
  7. Describe a time you had to deliver hard feedback to someone.

Working with Ambiguity

  1. Describe a project where the requirements changed mid-flight.
  2. Tell me about a time you had to make a decision with incomplete information.
  3. How do you approach a brand-new codebase you've never seen?

Prioritization & Process

  1. How do you prioritize when everything feels urgent?
  2. Describe how your team runs Agile. What works, what doesn't?
  3. How do you handle tech debt vs feature work pressure?

Communication & Stakeholders

  1. Describe a time you had to explain a technical concept to a non-technical stakeholder.
  2. Tell me about a time you presented or represented your team. Org-wide meetings, cross-team reviews, etc.
  3. How do you handle a situation where a stakeholder's ask conflicts with engineering reality?

Culture & Motivation

  1. Why are you looking to leave your current role? Have a positive, forward-looking answer.
  2. Why this company/role? Research them — product, mission, tech stack, recent news.
  3. Where do you see yourself in 3–5 years?
  4. What kind of engineer do you want to become?
  5. How do you stay current with technology? Specific sources — not vague "I read articles."
  6. What's your ideal team culture?

18. Questions YOU Should Ask Them

Always end with 3–5 thoughtful questions. Shows engagement and helps you evaluate them. Pick a mix across:

Team & Role

  1. What does a typical week look like for someone in this role?
  2. How is the team structured, and where does this role fit in?
  3. What are the first 30/60/90 day expectations?
  4. What's the biggest challenge the team is facing right now?
  5. How does the team balance feature work vs tech debt vs platform work?

Technical

  1. What does the deployment pipeline look like end-to-end?
  2. How do you handle on-call / incident response?
  3. What's the testing philosophy here? Coverage targets, integration vs unit ratio?
  4. How do teams share services or libraries across the org?
  5. What does observability look like — logs/metrics/traces — and are engineers empowered to instrument their own code?
  6. What's the most interesting technical problem the team has solved recently?

Growth & Culture

  1. How do engineers grow technically here? Is there a clear senior/staff path?
  2. How are technical decisions made — RFC process, staff engineers, consensus?
  3. What's the code review culture like?
  4. How does the team handle disagreement on technical approaches?
  5. What do you personally like most about working here?

Organizational

  1. How does the team/company measure success?
  2. What's the biggest change you've seen here in the past year?
  3. Is there anything about my background that gives you hesitation I can address?

Final Prep Checklist (Day-Of)

  • [ ] Re-read your resume bullets out loud — can you defend every metric?
  • [ ] Have 3 "hero stories" ready that you can flex into multiple behavioral questions (e.g., a legacy MQ integration, a cross-team schema standardization, a mentorship or intern-leader program).
  • [ ] Know the company's product, tech stack, mission, recent news.
  • [ ] Have your environment ready: water, pen/paper, reliable internet, second monitor for notes.
  • [ ] 3–5 questions prepared to ask them.
  • [ ] Practice a 60-second tell-me-about-yourself. Lead with what you do now, anchor in concrete impact (throughput, deploy rate, mentorship reach), hint at what you're looking for.
  • [ ] Whiteboard/diagramming tool familiar if remote (Excalidraw, Miro).
  • [ ] Deep breath. You're well-prepared for this.

Last updated: