Top Top Full Stack Developer Interview Questions Interview Questions | CandidateToHR
Ace your Full Stack Developer interview. Practice the most common questions covering Frontend, Backend, Databases, and System Design.
CandidateToHR provides highly optimized, professional tech career resources. Build, customize, and analyze your tech career credentials completely free.
A full stack developer must master both client-side and server-side architecture. Prepare for your interview with our curated list of 40+ real questions covering React, Node.js, databases, caching, and system architecture.
Top Interview Questions & Answers
Beginner Interview Questions
Q: What is the difference between Frontend and Backend development?
A: Frontend development deals with the client-side of the application (what the user sees and interacts with) using HTML, CSS, JavaScript, and frameworks like React or Vue. Backend development deals with the server-side, handling databases, business logic, authentication, and APIs using languages like Node.js, Python, or Java.
Q: Explain the concept of a REST API.
A: REST (Representational State Transfer) is an architectural style for designing networked applications. It relies on a stateless, client-server, cacheable communications protocol — almost always HTTP. RESTful applications use HTTP requests to POST (create), PUT (update), GET (read), and DELETE (delete) data.
Q: What is the difference between SQL and NoSQL databases?
A: SQL databases are relational, table-based, and have predefined schemas (e.g., PostgreSQL, MySQL). They are ideal for complex queries and transactional data (ACID compliance). NoSQL databases are non-relational, document, key-value, graph, or wide-column stores (e.g., MongoDB, Redis). They have dynamic schemas and are typically better for hierarchical data storage and horizontal scaling.
Q: What is CORS?
A: CORS (Cross-Origin Resource Sharing) is a security mechanism implemented by browsers that prevents a webpage from making requests to a different domain than the one that served the web page. To allow cross-origin requests, the server must include specific HTTP headers (like `Access-Control-Allow-Origin`) in its responses.
Q: What is the Virtual DOM in React?
A: The Virtual DOM is a lightweight JavaScript representation of the actual DOM. React keeps a copy of the UI in memory and syncs it with the real DOM using a process called reconciliation. This minimizes expensive real DOM operations, vastly improving performance.
Q: What is package.json used for in Node.js?
A: The `package.json` file holds various metadata relevant to a Node.js project. It is used to manage the project's dependencies, scripts, version, and configuration, allowing npm to easily install required packages and start the application.
Q: Explain the Box Model in CSS.
A: The CSS Box Model is essentially a box that wraps around every HTML element. It consists of: margins (outermost layer), borders, padding (space between content and border), and the actual content itself. Understanding this is crucial for accurate layout design.
Q: What is Semantic HTML?
A: Semantic HTML refers to using HTML tags that convey the meaning of the content, rather than just its presentation. For example, using ``, ``, and `` instead of generic `` tags. It improves accessibility for screen readers and SEO.
Q: What is a Promise in JavaScript?
A: A Promise is an object representing the eventual completion (or failure) of an asynchronous operation and its resulting value. It can be in one of three states: pending, fulfilled, or rejected. Promises help avoid 'callback hell'.
Q: What is the role of Git?
A: Git is a distributed version control system used to track changes in source code during software development. It allows multiple developers to work collaboratively, revert to previous versions, and manage branching and merging effectively.
Intermediate Interview Questions
Q: How does authentication differ from authorization?
A: Authentication is the process of verifying who a user is (e.g., checking a username and password). Authorization is the process of verifying what specific applications, files, and data a user has access to (e.g., checking if a user has admin privileges).
Q: Explain how JWT (JSON Web Tokens) work.
A: JWT is a compact, URL-safe means of representing claims between two parties. The token consists of three parts: Header, Payload, and Signature. Once a user logs in, the server signs a JWT and sends it to the client. The client stores it (e.g., in an HttpOnly cookie) and sends it with every request. The server verifies the signature to authenticate the request statelessly.
Q: What is Server-Side Rendering (SSR) vs Client-Side Rendering (CSR)?
A: In CSR, the server sends a barebones HTML file and a large JavaScript bundle; the browser executes the JS to render the UI. This can lead to slower initial loads and poor SEO. In SSR, the server pre-renders the HTML with data and sends a fully populated page to the client, improving SEO and Time-To-First-Byte (TTFB).
Q: What is Docker and why is it useful?
A: Docker is a platform that uses OS-level virtualization to deliver software in packages called containers. Containers isolate software from its environment and ensure that it works uniformly regardless of differences in OS or infrastructure. It solves the 'it works on my machine' problem.
Q: How do you handle state management in a large React application?
A: In a large React app, local state (useState) is often insufficient. I would use Context API for simple global state (like theme or auth), and libraries like Redux Toolkit, Zustand, or Recoil for complex global state. For server state (fetching, caching), tools like React Query or RTK Query are best.
Q: What is middleware in Node.js/Express?
A: Middleware functions are functions that have access to the request object (req), the response object (res), and the next middleware function in the application's request-response cycle. They can execute any code, make changes to the request/response objects, end the response cycle, or call `next()`.
Q: Explain Database Normalization and Denormalization.
A: Normalization is the process of organizing data to reduce redundancy and improve data integrity (e.g., separating related data into different tables and using foreign keys). Denormalization is the deliberate addition of redundant data to improve read performance, often used in NoSQL databases or data warehouses.
Q: What is the event loop in JavaScript?
A: The event loop is a mechanism that allows Node.js (and browsers) to perform non-blocking I/O operations despite JavaScript being single-threaded. It offloads operations to the system kernel whenever possible, and when those operations complete, the kernel tells Node.js to add the appropriate callback to the poll queue to be executed.
Q: How do you optimize the performance of a web application?
A: On the frontend: bundle splitting, lazy loading, image optimization, minimizing reflows/repaints, using CDNs, and caching. On the backend: database indexing, caching (Redis), optimizing queries, load balancing, and using asynchronous processing for heavy tasks.
Q: What is GraphQL and how does it compare to REST?
A: GraphQL is a query language for APIs. Unlike REST, which requires loading from multiple URLs (endpoints) to fetch complex data, GraphQL allows clients to request exactly the data they need and nothing more in a single request. This prevents over-fetching and under-fetching.
Advanced Interview Questions
Q: Explain how you would design a scalable URL shortener like bit.ly.
A: I'd start with a load balancer routing requests to web servers. For data, I'd use a relational DB (or NoSQL like Cassandra for high writes) to store the long URL, short hash, and user ID. To generate the short hash, I'd use Base62 encoding on an auto-incrementing ID or a distributed ID generator (like Snowflake) to prevent collisions. I'd add a caching layer (Redis) to store frequently accessed URLs to reduce DB read load. For analytics, asynchronous workers (Kafka/RabbitMQ) would process click events without blocking the redirect.
Q: What are microservices and what are their pros and cons?
A: Microservices are an architectural style structuring an application as a collection of loosely coupled, independently deployable services organized around business capabilities. Pros: independent scaling, technology flexibility, fault isolation. Cons: complex deployment, networking overhead, distributed data management, and difficult debugging/tracing.
Q: How does a message broker like RabbitMQ or Kafka fit into a full-stack architecture?
A: Message brokers enable asynchronous communication between microservices. They decouple the sender and receiver, allowing the system to handle spikes in traffic by queuing tasks (e.g., sending emails, processing images) to be executed by worker nodes later, rather than blocking the main web server thread.
Q: Explain CI/CD.
A: CI/CD stands for Continuous Integration and Continuous Deployment/Delivery. CI is the practice of automating the integration of code changes from multiple contributors into a single software project (running tests on every push). CD automates the release of the validated code to a repository and subsequently deploying it to production environments reliably.
Q: What is the N+1 query problem and how do you fix it?
A: The N+1 query problem occurs when an ORM executes one query to retrieve a list of N entities, and then N additional queries to load a related entity for each of them. This severely degrades performance. It is fixed by using eager loading (e.g., JOINs in SQL, `.populate()` in Mongoose, or DataLoader in GraphQL) to fetch all related data in a single, batched query.
Q: How do you implement CSRF protection?
A: Cross-Site Request Forgery (CSRF) is mitigated by using anti-CSRF tokens. The server generates a unique, cryptographically strong token and includes it in the user's session and in a hidden field on the form (or sends it via an HTTP header). When the form is submitted, the server verifies the token matches the session. Alternatively, using SameSite=Lax or SameSite=Strict attributes on cookies provides strong protection.
Q: What are WebSockets and when would you use them?
A: WebSockets provide full-duplex, bidirectional communication channels over a single TCP connection. Unlike HTTP (where the client must poll the server), WebSockets allow the server to push data to the client instantly. They are essential for real-time applications like chat apps, live sports updates, or collaborative editing tools.
Q: Describe the CAP theorem.
A: The CAP theorem states that a distributed data store can only simultaneously provide two of the following three guarantees: Consistency (every read receives the most recent write), Availability (every request receives a non-error response), and Partition tolerance (the system continues to operate despite network drops). During a network partition, you must choose between Consistency or Availability.
Q: How does Redis improve application performance?
A: Redis is an in-memory key-value data store. It improves performance by caching frequently accessed data (like user sessions, API responses, or database query results) in RAM, which has microsecond latency compared to the millisecond latency of traditional disk-based databases. It's also used for pub/sub messaging and rate limiting.
Q: What are the common strategies for database sharding?
A: Sharding is horizontal partitioning of a database. Strategies include: Range-based sharding (partitioning by a range of values, e.g., dates), Hash-based sharding (applying a hash function to the sharding key to distribute data evenly), and Directory-based sharding (using a lookup table to track which shard holds which data). Sharding improves scalability but makes joins and transactions across shards very complex.
Frequently Asked Questions
Related Resources & Next Steps
Full Stack Developer Roadmap 2026 | CandidateToHR Top Top Full Stack Developer Interview Questions Interview Questions | CandidateToHR Full Stack Developer Resume Examples Resume Example | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Austin, TX | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in San Francisco, CA | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Seattle, WA | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in New York, NY | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Boston, MA | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Denver, CO | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Chicago, IL | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Atlanta, GA | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Los Angeles, CA | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in San Diego, CA | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Dallas, TX | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Houston, TX | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Washington, D.C. | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Raleigh, NC | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Salt Lake City, UT | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Phoenix, AZ | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Miami, FL | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Boulder, CO | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Portland, OR | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Minneapolis, MN | CandidateToHR Full Stack Developer Salary in India (2026) Salary Guide in Charlotte, NC | CandidateToHR