36 Questions You Should Ask a Node Developer on the Interview
You are thirty-six questions away from hiring your perfect Node.js developer!
In my previous article, I have talked about which React interview questions to ask in order to hire a professional developer. Luckily, React technical interviews are not the only ones I conduct. I also specialize in Node.js development, and I will be ready to help you find your perfect candidate. Let me offer you 36 Node js interview questions and answers for experienced developers.
As in the case with React interview, you have to remember the most important rule of a successful interview: interview questions on Node.js are not the only ones you should ask.
My practice has shown that the best approach is to divide Node js interview questions into seven blocks:
- General programming
- JavaScript
- Database
- Node js questions
- Network data transfer
- Security
- Code testing
Same as before, I will explain why each block is important for the developer to know. Under each question, I will also offer the approximate answers you should expect to receive.
Programming Basics
Why to ask these questions:
Node.js development is never exclusively about Node.js. Sooner or later, the developer will have to deal with other technologies, programming approaches, and challenges. The level of basic programming knowledge shows how prepared the candidate is to broaden their professional horizons.
1. What are the pros and cons of monolithic and microservice architecture?
What answer to expect:
Monolithic architecture is easier to work with as it is linear and more fixed than microservices architecture. At the same time, monolithic components are tightly coupled, which complicates scalability, management, and continuous deployment.
Microservice architecture is more complex, and therefore, harder to work with. The performance of such apps is also poorer because the communication between microservices requires more resources. However, this architecture is easier to scale and faster to develop.
2. What sorting algorithms are you familiar with, and how do they differ?
What answer to expect:
There are a lot of different algorithms, such as selection sort, bubble sort, quick sort, insertion sort, or merge sort. Each of these approaches has its own principle, its own algorithm, as well as its benefits and drawbacks. For instance, selection sort is looking for the minimum element from the unsorted part and placing it at the beginning of the array. Meanwhile, bubble sorting is looking at two neighbor elements, comparing them, and ordering the two of them.
3. How do you measure the complexity of a sorting algorithm? Have you ever had a chance to optimize algorithms?
What answer to expect:
The complexity of algorithms is measured by the amount of time they take to complete and by the amount of memory that they require. The complexity of sorting algorithms is marked as O, and there are different types of it:
- O(n) — linear complexity (for example, maximum element search algorithm),
- O(log n) — logarithmic complexity (for example, binary search),
- O (n²) — square complexity (for example, insertion sort).
4. What is the difference between horizontal and vertical scaling?
What answer to expect:
Horizontal scaling stands for extending the pool of resources by adding more machines. Vertical scaling stands for extending the resources of existing machines by adding more power to them, for instance, advancing CPU or RAM.
5. What do you know about ACID, CAP, and SOLID patterns? Have you got a chance to use them on actual projects?
What answer to expect:
The ACID pattern stands for a set of properties of database transactions, which includes atomicity, consistency, isolation, durability. The CAP theorem, also called Brewer’s theorem, states that a distributed data store can simultaneously provide not more than two out of the three following principles: consistency, availability, and partition tolerance. SOLID is used in object-oriented programming and it stands for single responsibility, open-closed, Liskov substitution, interface segregation, and dependency inversion.
The actual experience is also very important, so it is good if the candidate has had a chance to apply these theorems in practice.
JavaScript Basics
Why to ask these questions:
Node.js is the technology that enabled the development of back-end with JavaScript. You cannot be working with a JavaScript runtime environment without the knowledge of JavaScript itself. After all, everything and always starts with the basics.
6. What is “this” keyword, and what does it refer to? What is the difference between “this” and context?
What answer to expect:
In JavaScript, the keyword “this” refers to the object it belongs to. It refers to a global object if located alone or in a function, to a local object if located in a method, or to an event if located in an event. Context also refers to objects, but it refers to the object that is located inside the executed function, while “this” refers to the object that the function is executed in.
7. Can we change an object if it is declared with “const”? If yes, how can you prevent changing?
What answer to expect:
It is possible to change the values inside an object that is declared with “const”. To prevent this from happening, you should use the Object.freeze() method.
8. Please, tell me about scope in JavaScript. What is it, and how does it work?
What answer to expect:
Scope determines the accessibility of variables. There are two types of scope: global — the variables are accessible in every part of the app, and local or function scope — variables are accessible only inside a function.
9. What is bind(), call(), and apply()? What is the difference between call() and apply()? Can you write your own version of the bind() function using apply()?
What answer to expect:
call() is a method that invokes a function and enables the passing of arguments one by one. apply() is a method that invokes a function and enables the passing of arguments as an array. bind () is a method that returns a function, which will be executed later with the correct context.
The technical example of the bind() function written using apply() is one of those Node js exercises that depend on the candidate’s experience and understanding. The solution may differ, but it is important that the candidate can provide one.
10. What is the difference between regular functions and arrow functions?
What answer to expect:
Regular functions are quite ordinary, but arrow functions have been introduced recently by ES6 to enable writing concise JS functions. Regular functions are constructible as they can be created with a function declaration or expression. Also, they are callable because they can be called with a “new” keyword. Meanwhile, arrow functions are callable but not constructible. Also, arrow functions, unlike regular functions, do not have “this” keyword and do not have the arguments keyword inside of them. Arguments objects are also available only in regular functions.
Database Basics
Why to ask these questions:
Back-end development refers to the server-side of a software product — it regulates the communication between a database and a browser. In JavaScript, the questions on back-end development equal the questions on Node.js, so there is no need to create a separate block of question on the back-end. However, there is a need to see if the developer knows how to work with databases.
11. What is the difference between relational and non-relational (SQL and NoSQL) databases? What needs does each type suit best?
What answer to expect:
Relational databases, such as PostgreSQL and MySQL, store data in tables. Non-relational databases, such as MongoDB, store data in JSON documents. Relation databases are best used when your app has to support dynamic queries. Meanwhile, non-relational databases are the best choice if you prioritize easy scalability.
12. What levels of database normalization are there? To which level, in your opinion, should you normalize your database so that it was acceptable?
What answer to expect:
There are three basic levels of database normalization: first, second, and third normal form, which are abbreviated 1NF, 2NF, and 3NF accordingly. In the database of 1NF level, data is stored in a relational table, each column contains atomic values, and no groups of columns are repeated. The 2NF database meets all the conditions of the first normal level, plus all the columns depend on the table’s primary key. The third normal level adds another condition — all the columns should not depend transitively on the primary key. After these, there goes BCNF — Boyce-Codd normal form also known as 3.5 normal form. To be of a BCNF level, the table should be 3NF and have a super key for A in every dependency A → B. There are also fourth and fifth normal levels, but they are more advanced. A 4NF table is the one following BCNF and having no multivalued dependencies. A 5NF table should be of 4NF and have no lossless decomposition into any number of smaller tables.
As for the question “To which level, in your opinion, should you normalize your database so that it was acceptable?”, there is no right or wrong response. Yet, the candidate’s answer can show you how confident they feel about databases and how meticulous they are.
13. What types of JOINs are there in SQL? How do they differ?
What answer to expect:
There are five types of JOINs in SQL: inner, left, right, full, and cross. To explain the difference, imagine two circles, A and B, that overlap. Each circle represents a table, and the overlap represents the set of records that are present in both A and B tables. Inner JOIN is the area of overlap, that is all the data that is present in both tables. Full JOIN is the area of both circles combined, that is all the data present in Table A and Table B combined. Left JOIN is the area of Circle A, that is all the data present in Table A even if it is also present in Table B. Respectively, right JOIN is the area of Circle B, that is all the data present in Table B. Meanwhile, a cross join produces a cartesian product between both tables. It returns all possible combinations of all rows.
14. How do indexes work, and what are those?
What answer to expect:
Indexes are the values used to sort database records. An index contains a field value and a pointer to a certain record. Then, the indexes are sorted. Indexing speeds up the search in the database because it tells the app which field to look up, and the SQL engine does not have to look through each and every row.
15. What do you understand by ‘Atomicity’ and ‘Aggregation’?
What answer to expect:
If a transaction follows the principle of atomicity, either all actions of this transaction will be performed or none. In other words, if the transaction was not completed successfully, the database will undo all completed actions by itself.
Aggregation stands for a principle of the relationship being expressed with the collection of entities and their relationships.
16. Do you know what is ORM and what it is used for?
What answer to expect:
ORM stands for object-relational mapping. This technique enables you to convert data between incompatible type systems with the help of object-oriented programming languages.
17. What types of relations are you familiar with?
What answer to expect:
There are three types of relationships:
- One-to-one,
- One-to-many,
- Many-to-many.
The one-to-one relation means that a single record from one table can be related to a single record from the other table.
The one-to-many relation means that a single record from one table can be related to zero, one, or many records from the other table.
The many-to-many relation means that any records from one table can be related to any records from the other table.
Node Basics
Why to ask these questions:
This block is the simplest one: when you conduct a NodeJS interview, you ask interview questions on Node js.
18. How does asynchronicity work in Node.js?
What answer to expect:
Asynchronicity means that the following operation does not wait for the previous one to be completed. The asynchronicity in Node.js works due to its event-based, non-blocking I/O model.
19. What is event loop, and how does it work in Node.js?
What answer to expect:
Event loop monitors the call stack and the callback queue. If the call stack is empty, it takes the event that is the first one in the queue and pushes it to the call stack where it will be run. This event loop iteration is called a tick, and each event is simply a function callback. The event loop consists of six phases: the incoming connections go through poll, check, close callbacks, timers, I/O callbacks, and idle and prepare.
20. What are the types of streams in Node.js, and how do they differ?
What answer to expect:
There are 5 types of stream in Node. js:
- readable streams,
- writable streams,
- duplex streams,
- transform streams,
- pass-through streams.
Readable streams serve as an abstraction of a data source from where the data is taken. Writable streams serve as an abstraction of a data destination to where the data is written. Duplex streams are both readable and writable. Transform streams are the same as duplex streams, but they can be used to modify or transform the data while reading or writing it. Pass-through streams are a more trivial implementation of Transform streams. It simply passes the input bytes across to the output. It is usually used for examples and testing.
21. What is the difference between process.nextTick(), setImmediate(), and setTimeout(() => {}, 0)? In what order will they execute and why?
What answer to expect:
process.nextTick() defers the execution of a function until the next iteration of event loop begins.
setImmediate() executes the scenario after the current poll phase is completed.
setTimeout(() => {}, 0) plans the scenario launch after the minimum time interval in milliseconds passes.
They will execute in the following order:
- process.nextTick()
- setImmediate()
- setTimeout(() => {}, 0)
22. What is child_process, and what it can be used for?
What answer to expect:
child_process is a module that enables accessing the functionalities of the OS by running any system command inside a child process.
The answer on what child_process can be used for will differ from the experience of the candidate. The point of this question is to see if they have the experience of working with it.
23. How does Node.js overcome the problem of I/O operations blocking?
What answer to expect:
The problem of blocking input-output operations is solved by the event-based model of Node.js and by the fact that it uses event loops instead of threads.
Network Data Transfer Basics
Why to ask these questions:
API is something that both front-end and back-end developers have to work with. They must know the basics of network data transfer to avoid critical security errors.
24. How does HTTPS work? What are the types of SSL certificates?
What answer to expect:
HTTPS is an extension of HTTP (the Hypertext Transfer Protocol). It adds an SSL/TLS layer on top of HTTP. An SSL certificate is a small data file with a cryptographic key, which activates the padlock and the HTTPS protocol in order to establish a secure connection between a web server and a browser.
There are three types of SSL certificates by the level of validation they provide:
- Domain Validation,
- Organization Validation,
- Extended Validation.
25. What are the main principles of REST?
What answer to expect:
There are five principles of REST:
- Contract first approach / Uniform Resource identifiers
- Layered architecture
- Statelessness
- Client-Server model
- Caching
26. Are you familiar with SOAP, and how does it differ from REST?
What answer to expect:
SOAP stands for Simple Object Access Protocol, and REST stands for Representational State Transfer. Respectively, SOAP is a protocol, and REST is an architectural pattern. While SOAP works only with XML, REST works with plain text, XML, HTML, and JSON. Thus, SOAP cannot use REST, but REST can use SOAP. Finally, SOAP needs more bandwidth for its usage than REST.
27. Have you ever used message brokers, such as RabbitMQ, and what are they for? What benefits do they offer?
What answer to expect:
Message protocols are intermediary software modules, the aim of which is to translate a message from the sender’s formal messaging protocol to the receiver’s formal messaging protocol and to help apps, services, and system communicate with each other. Message brokers are used for microservices. When one microservice falls down, the message is queued until the microservice works again. This way, no messages will be missed, and the security and reliability of the system increase.
28. What is long polling?
What answer to expect:
Long polling, which is also called HTTP long polling, is a technique when the server holds a client’s connection open until new data is available. In the original client/server model, the web client is always the initiator of transactions — it is the one to request data from the server. The server cannot independently send data to the client until it receives a request. The long polling technique was introduced to solve this problem.
Security Basics
Why to ask these Node js advanced interview questions:
Security is the number one concern of modern-day Internet users. It is not optional but obligatory to keep your app safe and invincible. This is why you have to make sure that your developers know what security threats to expect and how to prevent them.
29. What is an SQL-injection, and how to prevent it?
What answer to expect:
SQL-injection is a malicious attack on a database, which is conducted by placing malicious code in SQL statements via web input. To prevent SQL injections developers have to stop writing dynamic queries. Also, they should prevent user-supplied input containing malicious SQL from influencing the query logic.
30. Have you heard about a timing attack? What is it, and how to prevent it?
What answer to expect:
A timing attack is a security threat, where an offender discovers the security vulnerabilities of the system by analyzing how long the system responds to different inputs. To prevent timing attacks, the comparison of strings should not depend on their length. Also, the system should analyze and compare all the characters of both strings before returning true or false.
31. How to avoid broken access control?
What answer to expect:
The broken access control attack is a security threat when an attacker gets unauthorized access to some parts of the website.
To avoid broken access control, you should identify and prevent the following issues:
- Access control checks: users should pass certain security checks before getting access to some further parts of the website, and they should not be able to bypass this check by simply skipping the page.
- ID’s: web apps should not over-rely on id’s because guessing the id may grant an attacker unauthorized access.
- File permissions: files that are not to be presented to web users should not be marked as readable, let alone executable.
- Client-side caching: attackers can access web pages cached by browsers to gain unauthorized access.
32. What is server XSS?
What answer to expect:
Server XSS (cross-site scripting) is a security threat, when the unreliable user input is included in an HTML response, which is generated by the server. This input can be sent from a request or from a stored location. When a server XSS occurs, the server-side code is vulnerable, and the browser renders this response. To prevent server XSS, you should encode context-sensitive server-side output.
33. What is the same-origin policy?
What answer to expect:
The same-origin policy is an important security mechanism, which restricts the interaction between a document from one origin and a document from another origin. This way, you can isolate potentially dangerous documents and prevent security attacks.
Code Testing Basics
Why to ask these Node js basic interview questions:
Before submitting code to the Quality Assurance team, the developer should run automated code tests — it greatly optimizes the software development process. You need to make sure that the candidate knows how to do it.
34. What libraries do you use for unit, functional, and integration testing in Node.js? What do you write tests for?
What answer to expect:
The following libraries can be used: Mocha/Chai, Jest/Jasmine.
“What do you write tests for?” is a rather philosophical question with no right answer to it, so it serves to show you how the candidate thinks.
35. What are mocks and stubs? Why should we use realistic data for that?
What answer to expect:
Mocks and stubs are objects used in testing, which look and behave like actual production test objects but are more simplified. Stubs are objects that hold predefined data and use it to answer calls during tests. Mocks are objects that register calls they receive to verify that all expected actions are performed.
Yet, we should use realistic data in order to emulate the working environment and to catch actual cases.
36. Is it a good idea to run test coverage for each pull request in your CI?
What answer to expect:
This question is also one of those philosophical Node js interview questions for experienced developers. The most obvious answer would be that, during a heated development process, you should not run test coverage for each pull request because it will take too much time. However, when you are releasing important features, running full test coverage is a must.
To Wrap Up
This article is a win-win solution:
- If you are a developer, you are 36 answers away from getting a job as a Node.js developer.
- If you are the one to hire, you are 36 questions away from finding your perfect candidate.
But if you still feel like you need help or if you would like to trust us with the choice of Node.js developers, feel free to contact us.
Originally published at KeenEthics Blog.
