📋 Interview Questions¶

🔹 C# Language & OOP Foundations¶

1. OOP Principles¶

Can you explain the four pillars of OOP (encapsulation, inheritance, polymorphism, abstraction) with examples?
What’s the difference between abstract classes and interfaces in C#?
What is method overriding vs. method overloading?
How does multiple inheritance work in C# (via interfaces)?
What are sealed classes and when would you use them?

2. Types & Memory¶

What’s the difference between value types and reference types?
How are structs different from classes?
What’s the difference between ref, out, and in parameters?
Explain boxing and unboxing. Why can it be dangerous for performance?
What are nullable reference types and how do they improve code safety?

3. Generics & Collections¶

What are generics and why are they useful?
Difference between List<T>, Dictionary<TKey,TValue>, and HashSet<T>?
What’s covariance and contravariance in generics?
How does IEnumerable<T> differ from IQueryable<T>?
Explain yield return and when you’d use it.

4. Delegates, Events, and LINQ¶

What are delegates and how are they different from function pointers?
Explain the difference between Action, Func, and Predicate.
How do events work in C#? Can you explain the observer pattern?
What’s the difference between LINQ to Objects, LINQ to SQL, and LINQ to Entities?
How do you optimize LINQ queries to avoid performance issues?

5. Asynchronous Programming¶

Explain the difference between synchronous, asynchronous, and parallel execution.
How does the async/await pattern work in C#?
What’s the difference between Task, ValueTask, and Thread?
When would you use ConfigureAwait(false)?
How would you cancel an async operation using CancellationToken?

6. Advanced Features¶

What are records in C# 9+ and how do they differ from classes?
How do pattern matching enhancements improve readability?
What are tuples in C# and when would you prefer them over classes?
Can you explain extension methods and give a real-world use case?
What’s the difference between dynamic and var?

7. Reflection & Attributes¶

What is reflection in C# and when would you use it?
How do you define and apply custom attributes?
What’s the difference between [Serializable], [Obsolete], and [DataContract] attributes?
How would you use reflection to dynamically load assemblies or types?
What are the downsides of overusing reflection?

8. Memory Management & Performance¶

How does the Garbage Collector work in .NET?
What are the GC generations (Gen 0, 1, 2, LOH)?
How would you diagnose a memory leak in a C# application?
What’s the difference between IDisposable and finalizer?
How do you use the using statement for deterministic disposal?

9. Threading & Parallelism¶

What’s the difference between Thread, Task, and ThreadPool?
How do you use Parallel.ForEach or PLINQ?
What are locks, Monitor, and SemaphoreSlim?
Explain deadlock and how to avoid it.
What is the Thread-Safe Singleton pattern in C#?

10. C# Language Evolution¶

What are the most important features introduced in C# 8, 9, 10, 11, 12?
What are default interface methods?
How do init-only properties differ from standard properties?
Explain file-scoped namespaces.
What are source generators in C#?

🔹 Backend Foundations (.NET Core)¶

1. Core .NET vs .NET Core¶

What are the main differences between .NET Framework and .NET Core?
Why would you choose .NET Core over the old framework for new projects?
What does cross-platform mean in the context of .NET Core?

2. Application Startup & Middleware¶

Can you explain the request pipeline in ASP.NET Core?
How do you add a custom middleware? What use cases have you implemented it for?
What’s the difference between Use, Run, and Map in middleware registration?
How do you handle global exception handling in middleware?
How would you add request/response logging middleware?

3. Dependency Injection (DI)¶

How does built-in DI in ASP.NET Core work?
What’s the difference between AddSingleton, AddScoped, and AddTransient?
When would you use a factory pattern inside DI?
How do you register generic services in DI (e.g., repositories)?
Can you inject configuration or options into services?

4. Controllers & Endpoints¶

What are Controllers and Minimal APIs in ASP.NET Core?
Which would you prefer for microservices – controllers or minimal APIs? Why?
How do you implement model binding in ASP.NET Core?
How do you handle validation (DataAnnotations, FluentValidation)?
How would you design standardized error responses?

5. Configuration & Options¶

How does ASP.NET Core load configuration (appsettings.json, environment variables, KeyVault, etc.)?
What’s the purpose of Options pattern (IOptions, IOptionsSnapshot, IOptionsMonitor)?
How do you structure configuration for multi-environment deployments (Dev/Test/Prod)?
How would you secure sensitive settings (connection strings, API keys)?

6. Health Checks & Readiness¶

How do you implement ASP.NET Core Health Checks?
What’s the difference between liveness and readiness probes?
How would you integrate health checks into Kubernetes (AKS)?
How do you expose health checks for dependent services (DB, Redis, Service Bus)?

7. Telemetry & Logging¶

Which logging providers have you used in ASP.NET Core? (Serilog, NLog, Application Insights)
What’s the difference between structured logging and plain text logging?
How do you enrich logs with contextual data (e.g., correlation IDs)?
How do you implement distributed tracing (OpenTelemetry)?
How do you manage log levels across environments (debug in dev, info in prod)?

8. Error Handling & Resilience¶

What are the recommended patterns for global exception handling in ASP.NET Core?
How do you return problem details (RFC 7807) instead of generic error messages?
How do you configure retry policies for downstream API calls (Polly)?
What’s the difference between retry, circuit breaker, and fallback patterns?

9. Hosting & Services¶

What’s the difference between Kestrel and IIS hosting?
How do you self-host a .NET Core API with Kestrel only?
What are hosted services (IHostedService, BackgroundService)?
When would you use Worker Services instead of Web APIs?
How do you integrate background jobs with Hangfire or Azure Functions?

10. Advanced Topics¶

How does ASP.NET Core support gRPC services alongside REST APIs?
How would you implement versioning in APIs?
What’s the difference between synchronous and asynchronous controllers?
How do you implement cancellation tokens for long-running requests?
What are filters (action, exception, authorization) in ASP.NET Core?

🔹 Data & Persistence¶

1. ORM & Data Access¶

What’s the difference between Entity Framework Core, NHibernate, and Dapper?
When would you choose EF Core vs. NHibernate vs. raw ADO.NET?
What are the advantages and disadvantages of code-first vs. database-first approaches?
How do you implement the Repository and Unit of Work patterns with EF Core or NHibernate?
How do you optimize ORM performance in high-traffic applications?

2. Querying & LINQ¶

What’s the difference between IEnumerable and IQueryable?
How do you write optimized LINQ queries that avoid N+1 issues?
What’s the difference between eager loading, lazy loading, and explicit loading?
How do you debug or profile queries generated by EF Core?
How do you handle raw SQL queries in EF Core or NHibernate?

3. Transactions & Concurrency¶

How do you handle transactions in EF Core and NHibernate?
What’s the difference between optimistic and pessimistic concurrency control?
How do you prevent deadlocks in database operations?
How do you implement distributed transactions (e.g., using the Outbox or Saga pattern)?
How do you manage transaction boundaries in microservices?

4. Database Migrations & Versioning¶

How do you apply migrations in EF Core?
How do you handle migrations in a team environment with multiple developers?
How do you ensure backward compatibility during schema changes?
What’s your approach for zero-downtime database migrations?
How do you manage seed data in different environments?

5. Caching & Performance¶

What’s the difference between in-memory cache and distributed cache?
How do you integrate Redis with .NET Core for caching?
How do you implement cache expiration and cache invalidation strategies?
When would you use output caching in APIs?
How do you handle caching for multi-tenant applications?

6. Advanced Persistence Patterns¶

What’s the Specification pattern and how do you use it with repositories?
How do you implement soft deletes in EF Core or NHibernate?
How do you model complex types (value objects, JSON columns, hierarchical data)?
What’s the difference between event sourcing and traditional CRUD persistence?
How do you design persistence for CQRS (Command Query Responsibility Segregation)?

7. Multi-Database & Cloud Datastores¶

How do you manage connections to multiple databases in the same application?
Have you worked with NoSQL databases (Cosmos DB, MongoDB) alongside SQL?
How do you implement sharding or partitioning in SQL databases?
What are the trade-offs between SQL and NoSQL in microservices?
How do you ensure data consistency across heterogeneous datastores?

8. Security & Compliance¶

How do you prevent SQL Injection in EF Core and NHibernate?
How do you secure connection strings across environments?
How do you implement row-level security in SQL Server or PostgreSQL?
How do you handle PII (Personally Identifiable Information) in databases?
What practices do you follow for GDPR/HIPAA compliance in persistence?

🔹 Messaging & Distributed Systems¶

1. Messaging Fundamentals¶

What’s the difference between queues and topics/subscriptions?
How do you ensure message ordering in a distributed system?
What’s the difference between push-based and pull-based messaging models?
What’s the difference between at-most-once, at-least-once, and exactly-once delivery semantics?
What is the purpose of a dead-letter queue (DLQ)?

2. Azure Service Bus / RabbitMQ Basics¶

How do you publish and consume messages with Azure Service Bus in .NET?
What’s the difference between RabbitMQ exchanges (fanout, topic, direct, headers)?
How do you configure prefetch counts and message acknowledgements?
How would you handle poison messages in Service Bus or RabbitMQ?
How do you monitor the health of queues and subscriptions?

3. Frameworks: MassTransit & NServiceBus¶

What are the benefits of using MassTransit over raw Service Bus/RabbitMQ SDKs?
How do you define a consumer in MassTransit?
How do you configure retry policies in MassTransit or NServiceBus?
What’s the role of a saga in NServiceBus, and how does it compare to MassTransit sagas?
How do you implement message correlation across multiple services?

4. Idempotency & Reliability¶

How do you ensure idempotent message processing?
What is the Outbox pattern and why is it important?
How do you implement deduplication of messages?
How do you ensure exactly-once processing when the broker only provides at-least-once?
How do you use transactional message publishing with EF Core or NHibernate?

5. Distributed Transactions & Sagas¶

What is the Saga pattern and when should it be used?
How do you model long-running workflows using sagas?
What’s the difference between orchestration and choreography in sagas?
How would you implement a compensating transaction in a distributed system?
How do you debug or test a saga flow across multiple services?

6. Event-Driven Architecture (EDA)¶

What’s the difference between commands, events, and queries?
How do you decide whether to use synchronous RPC vs. event-driven messaging?
How do you design an event bus in microservices?
What are the advantages and risks of eventual consistency?
How do you evolve event schemas without breaking consumers?

7. Monitoring & Observability¶

How do you trace a message across multiple services (distributed tracing)?
Which tools have you used for monitoring (Application Insights, OpenTelemetry, Prometheus, Grafana)?
How do you measure queue depth, throughput, and latency?
How do you detect message loss or duplication in production?
How would you implement alerts for messaging failures?

8. Performance & Scaling¶

How do you scale message consumers horizontally?
What are the trade-offs between competing consumers vs. partitioned consumers?
How do you handle backpressure in a high-throughput system?
How do you optimize batch processing of messages?
How would you tune prefetch settings in RabbitMQ or Service Bus?

9. Security & Compliance¶

How do you secure Service Bus or RabbitMQ connections?
What’s the difference between SAS tokens, Managed Identities, and certificates in Azure Service Bus?
How do you implement message encryption (in transit and at rest)?
How do you enforce authorization and RBAC on message consumers?
How do you handle PII and GDPR compliance in event payloads?

🔹 Service Models & Communication¶

1. API Paradigms & Protocols¶

Compare REST, gRPC, and GraphQL: when to choose each? Trade-offs for mobile/web/internal services.
Wire formats: JSON vs Protobuf vs Avro — size, speed, schema evolution.
Streaming models: unary, server/client streaming, bidi streaming — use cases.
Versioning philosophies across paradigms (URL/headers for REST, proto evolution for gRPC, schema evolution for GraphQL).

2. REST API Design¶

Resource modeling, HTTP verbs, status codes, and idempotency (PUT vs POST vs PATCH).
Pagination & filtering patterns (cursor vs offset, RFC-5988 links).
HATEOAS: do you use it? Pros/cons in real systems.
ETag/If-Match for concurrency & caching.
Standardized errors (RFC 7807 ProblemDetails) and correlation IDs.

3. gRPC Services¶

Designing proto contracts and managing breaking vs non-breaking changes.
Deadlines/timeouts, metadata/headers, and status code mapping to HTTP.
Streaming patterns in practice (progress, large payloads).
gRPC-Web for browsers; when to expose REST alongside gRPC.
Load balancing for gRPC (client-side vs server-side; probes/health).

4. GraphQL APIs¶

Schema design: queries, mutations, subscriptions; avoiding the N+1 problem (dataloaders).
Authorization strategies (field-level vs resolver-level).
Caching in GraphQL (persisted queries, CDN considerations).
Federation (e.g., Apollo) vs single gateway; schema stitching.
Versioning without versions — deprecation & evolution strategies.

5. Real-Time Communication (SignalR)¶

Transports: WebSockets, SSE, long-polling — fallback strategy and detection.
Scaling SignalR with a backplane (Redis/Azure SignalR), message ordering, and delivery guarantees.
Hub design, groups, authorization, reconnect & backoff policies.
Flow control & throttling for noisy clients; handling binary payloads.
Observability for hubs (per-client metrics, slow consumer detection).

6. Inter-Service Communication Patterns¶

Choosing sync (REST/gRPC) vs async (events/queues); latency budgets & coupling.
BFF (Backend-for-Frontend) pattern — when and how to apply.
Choreography vs orchestration; where to place business workflow logic.
Handling backpressure, retries, and timeouts across service boundaries.
Designing contracts for idempotency keys and request deduplication.

7. API Gateways & Edge¶

Selecting YARP, Ocelot, Azure API Management — criteria and typical use cases.
Policies: rate limiting, JWT validation, request/response transforms, header/URL rewrite, compression.
Canary & blue/green via gateway routing; circuit breakers at the edge.
Developer portal, subscription keys, quotas and analytics.
Multi-tenant concerns at the edge (routing, per-tenant throttles).

8. Service Discovery & Load Balancing¶

Kubernetes service discovery (ClusterIP/Headless/Ingress), DNS-based discovery.
Client-side vs server-side load balancing; sticky sessions vs stateless design.
Health checks: liveness/readiness/startup and graceful shutdown.
Consistent hashing, partitioning/sharding strategies for hot keys.
Mesh-level discovery (Istio/Linkerd) and traffic shifting.

9. Security & Compliance¶

OAuth2/OIDC flows for SPAs, mobile, and service-to-service; JWT validation, scopes & claims.
mTLS between services; certificate rotation and zero-trust posture.
CORS, CSRF, input validation, and request size limits at the edge.
PII minimization, payload encryption, and data masking in logs.
Threat modeling for APIs (replay, downgrade, injection) and WAF integration.

10. Observability, Contracts & Governance¶

OpenAPI/Swagger & Scalar for REST; gRPC reflection; GraphQL schema docs.
Contract testing (Pact, protobuf/gql schema checks) in CI.
OpenTelemetry for traces/metrics/logs; propagating correlation IDs across hops.
API SLOs (availability, latency, error rate) and alerting on error budgets.
Deprecation policy, backward compatibility, and sunset headers.

11. Performance & Resilience¶

Timeouts, retries, circuit breakers, bulkheads, and fallbacks (Polly patterns).
Gateway and client-side caching; CDN considerations for APIs.
Payload tuning (compression, pagination windowing, gRPC message size).
Defensive limits: concurrent request caps, queue length, and token buckets.
Load testing strategies and capacity planning for spikes.

12. Advanced Topics¶

Service Mesh features (Istio): mTLS by default, traffic mirroring, retries at mesh layer.
Dapr building blocks for pub/sub, bindings, service invocation.
Bridging paradigms: exposing REST for external consumers while using gRPC internally.
Edge compute concerns (Cloudflare/Azure Front Door): auth at edge, geo routing.
Multi-region routing, latency-aware load balancing, and failover plans.

🔹 Frontend (Angular / Blazor / JS)¶

1. Angular Fundamentals¶

What are components, modules, and services in Angular, and how do they interact?
What’s the role of NgModules in structuring Angular apps?
What’s the difference between template-driven and reactive forms? Which do you prefer and why?
How does change detection work in Angular?
What’s the purpose of zone.js in Angular?

2. TypeScript & JavaScript¶

What features of TypeScript do you find most useful for large Angular apps?
Can you explain the difference between interface and type in TypeScript?
What are generics in TypeScript and when would you use them?
How do you handle async/await and Promises in frontend code?
What are decorators in Angular, and how do they differ from standard TypeScript decorators?

3. State Management¶

How would you manage state in a medium-to-large Angular app?
What’s your experience with NgRx or other state management libraries?
How do you decide between a service with BehaviorSubject vs. NgRx?
How do you implement selectors and effects in NgRx?
How do you debug state in Angular (e.g., Redux DevTools, custom logging)?

4. Data Binding & Communication¶

Can you explain one-way, two-way, and event binding in Angular?
How would you pass data between parent and child components?
What’s the role of RxJS Observables in Angular applications?
How do you handle unsubscribing from Observables to avoid memory leaks?
How would you integrate Angular with REST/gRPC APIs and handle errors?

How does Angular’s Router work?
What’s the difference between lazy loading and eager loading?
How do you implement route guards for authentication/authorization?
What’s the role of resolvers in Angular routing?
How do you handle deep linking and query parameters?

6. Real-Time Communication¶

How would you integrate SignalR into an Angular app?
How do you handle websocket disconnections/reconnections gracefully?
How do you throttle/debounce real-time events in Angular?
What are strategies to ensure real-time UI responsiveness under heavy load?

7. Blazor Fundamentals¶

What are the differences between Blazor Server and Blazor WebAssembly?
How do Blazor components differ from Angular components?
How would you implement dependency injection in Blazor?
How do you handle JS interop in Blazor?
What are the main limitations of Blazor WebAssembly vs. Server?

8. UI/UX, Accessibility & Performance¶

How do you ensure compliance with WCAG 2.1 accessibility standards?
What techniques do you use for responsive design (CSS Grid, Flexbox, media queries)?
How do you optimize Angular performance (change detection, lazy loading, trackBy)?
How do you handle internationalization (i18n) in Angular (ngx-translate, Angular i18n)?
How do you manage theming (dark/light mode, CSS variables, Tailwind, Angular Material)?

9. Testing & Quality¶

How do you test Angular components with Jasmine/Karma?
What’s the difference between unit tests and e2e tests (Cypress, Playwright)?
How do you test Blazor components (e.g., with bUnit)?
How do you ensure cross-browser compatibility?
How do you include frontend testing in a CI/CD pipeline?

10. Advanced Topics¶

What are progressive web apps (PWA) in Angular/Blazor?
Have you worked with micro frontends (Module Federation, Single-SPA)?
How would you integrate GraphQL clients in Angular or Blazor?
How do you secure frontend apps (XSS prevention, CSP, sanitization)?
How do you optimize bundle size and load time (tree-shaking, code splitting)?

🔹 Cloud & DevOps¶

1. Azure Fundamentals¶

Which Azure services have you worked with (App Service, AKS, Functions, Service Bus, Storage, Cosmos DB)?
How do you deploy a .NET Core app to Azure App Service?
What are the differences between Azure Functions and background workers (e.g., Hangfire)?
How do you implement scaling in Azure (horizontal vs. vertical)?
How do you manage multi-region deployments for high availability?

2. Containerization & Orchestration¶

How do you containerize a .NET Core API using Docker?
What’s the difference between Docker Compose and Kubernetes (AKS)?
How do you structure multi-container solutions with networking?
What’s the role of Helm charts in Kubernetes deployments?
How do you configure KEDA for autoscaling based on queue/event load?

3. Infrastructure as Code (IaC)¶

What’s the difference between ARM templates, Bicep, and Terraform?
How would you deploy a full environment (API, DB, Storage, Service Bus) with IaC?
Can you explain what Pulumi is and how it differs from Terraform/Bicep?
How do you implement GitOps using ArgoCD or Flux?
How do you manage environment configuration across Dev/Test/Prod?

4. CI/CD & Pipelines¶

Can you describe a CI/CD pipeline you’ve built for .NET + Angular in Azure DevOps?
How would you configure a pipeline to:
Run unit tests and enforce coverage thresholds
Build & push Docker images to Azure Container Registry
Deploy to multiple environments (Dev/Test/Prod) with approvals
How do you implement blue/green and canary deployments?
How do you manage feature flags in deployments (.NET Feature Management / LaunchDarkly)?
How do you secure pipeline secrets in Azure DevOps/GitHub Actions?

5. Secrets & Config Management¶

How do you manage secrets in Azure (Key Vault, env vars, config providers)?
What’s the difference between system-assigned and user-assigned managed identities?
How do you rotate certificates and keys automatically?
How do you integrate Key Vault with Kubernetes (CSI driver)?
How do you handle multi-tenant configuration isolation?

6. Monitoring & Observability¶

Which observability tools have you used (Serilog, OpenTelemetry, Application Insights, Grafana, Prometheus)?
How would you configure distributed tracing for microservices?
How do you define and monitor SLOs/SLAs in Azure?
How do you set up alerts and dashboards for failures or performance degradation?
How do you use chaos testing (Azure Chaos Studio) to validate resilience?

7. Resilience & Reliability¶

What’s the difference between retry, circuit breaker, and bulkhead patterns?
How would you configure DLQ (Dead Letter Queues) and retries in Azure Service Bus?
How do you implement graceful shutdown in Kubernetes pods?
How do you ensure zero-downtime deployments with rolling updates?
What’s your approach to disaster recovery (DR) in Azure?

8. Security & Compliance¶

How do you integrate OAuth2/OpenID Connect in a cloud-hosted app?
How do you enforce TLS and mTLS across services?
How do you secure API endpoints against abuse (WAF, rate limiting, throttling)?
How do you implement container image scanning & signing?
How do you ensure GDPR/HIPAA compliance for cloud-hosted solutions?

🔹 CI/CD, Git & Collaboration¶

1. Version Control & Branching¶

Which Git branching strategy do you prefer (GitFlow, trunk-based, GitHub Flow)? Why?
What are the trade-offs between long-lived feature branches and short-lived branches?
What’s the difference between merge and rebase? When would you use each?
How do you handle hotfixes in a GitFlow workflow?
How do you enforce branch naming conventions and commit message standards (e.g., Conventional Commits)?

2. Pull Requests & Code Reviews¶

What makes a good pull request?
How do you enforce mandatory reviews before merging?
How do you conduct a constructive code review?
How do you ensure code review coverage for critical modules?
What tools have you used for code quality enforcement (SonarQube, analyzers, StyleCop, ESLint, Prettier)?

3. CI/CD Pipelines¶

Can you describe a CI/CD pipeline you’ve built for a .NET + Angular solution in Azure DevOps or GitHub Actions?
How do you structure pipelines for multi-service microservice environments?
How do you implement approval gates for staging vs production?
How do you enforce minimum code coverage thresholds in pipelines?
How do you manage pipeline templates and reusable YAML across repos?

4. Release Strategies¶

What’s the difference between blue/green, canary, and rolling deployments?
Which release strategies have you used in production and why?
How do you roll back a failed deployment safely?
How do you perform feature toggling and progressive delivery?
How do you validate backward compatibility in rolling deployments?

What’s your experience with Docs-as-Code (Markdown, MkDocs)?
How do you document API endpoints (Swagger/OpenAPI, Scalar)?
Do you use Architecture Decision Records (ADRs)? Why or why not?
How do you keep documentation in sync with code?
How do you integrate diagrams-as-code (Mermaid, PlantUML) into your workflow?

6. Collaboration & Agile Practices¶

What’s your role in a Scrum or Kanban team?
How do you report progress and blockers in a distributed team?
How do you manage work in Azure DevOps Boards, Jira, or Trello?
How do you balance following requirements vs suggesting improvements?
How do you handle multilingual communication in distributed teams?

7. Dependency & Artifact Management¶

How do you manage NuGet/npm dependencies across multiple repos?
How do you configure Azure Artifacts or GitHub Packages for private feeds?
How do you enforce versioning (SemVer) across services?
How do you handle dependency scanning and security updates in pipelines?
How do you automate changelog generation and release notes?

8. Quality Gates & Governance¶

How do you set up SonarQube quality gates for .NET projects?
What static analyzers do you use for C# and TypeScript?
How do you enforce style rules (Roslyn analyzers, ESLint, Prettier)?
How do you prevent secrets leakage in repositories and pipelines?
How do you measure and enforce technical debt reduction?

9. Advanced Topics¶

How do you design monorepo vs multirepo strategies?
How do you manage cross-repo dependencies in CI/CD?
Have you implemented GitOps with Flux/ArgoCD? What challenges did you face?
How do you secure CI/CD pipelines against supply chain attacks?
How do you integrate compliance checks (SAST/DAST, license scanning) into CI/CD?

🔹 Testing & Quality¶

1. Testing Foundations¶

What’s the difference between unit tests, integration tests, and end-to-end (E2E) tests?
Can you give an example of when you’d use each type?
How do you balance test coverage vs. test value?
What’s your approach to writing testable code?
How do you avoid flaky tests?

2. Unit Testing¶

How do you structure unit tests in .NET (naming conventions, AAA pattern)?
Which testing frameworks have you used (xUnit, NUnit, MSTest)?
What’s the difference between Fact and Theory in xUnit?
How do you test async methods in C#?
How do you handle edge cases and exceptions in unit tests?

3. Integration Testing¶

How do you write integration tests for ASP.NET Core Web APIs?
What’s the role of TestServer and WebApplicationFactory in integration testing?
How do you test database interactions with EF Core/NHibernate?
What’s your approach to test containers (SQL Server, RabbitMQ, etc.)?
How do you mock or stub external services in integration tests?

4. End-to-End (E2E) Testing¶

What tools have you used for E2E testing (Selenium, Playwright, Cypress)?
How do you test Angular components end-to-end?
How do you handle authentication flows in automated browser tests?
How do you manage test environments and test data?
How do you ensure cross-browser compatibility?

5. TDD & BDD¶

What’s the difference between Test-Driven Development (TDD) and Behavior-Driven Development (BDD)?
Can you explain the Red → Green → Refactor cycle in TDD?
How do you write SpecFlow/Gherkin scenarios for a feature?
How do you integrate BDD tests into CI/CD pipelines?
What are the challenges of practicing TDD/BDD in real-world projects?

6. Mocking & Test Doubles¶

What’s the difference between mocks, stubs, and fakes?
Which mocking frameworks have you used (Moq, NSubstitute, FakeItEasy)?
How do you mock DbContext or repositories in EF Core?
How do you mock HTTP calls in .NET (HttpClient, Refit)?
When would you prefer a real test container instead of mocks?

7. Performance & Load Testing¶

Have you used k6, JMeter, or Locust for load testing?
How do you define performance SLAs (latency, throughput, error rate)?
How do you simulate spikes and stress tests?
How do you profile performance bottlenecks in .NET?
How do you include load testing results in release decisions?

8. Test Automation in CI/CD¶

How do you integrate tests into Azure DevOps pipelines?
How do you enforce minimum code coverage thresholds?
How do you parallelize tests in pipelines for speed?
How do you handle test reporting (dashboards, flaky test tracking)?
How do you run E2E/browser tests in CI/CD (Playwright headless, Selenium Grid)?

9. Quality Gates & Governance¶

What’s your experience with SonarQube quality gates for test coverage?
How do you measure code quality beyond coverage (complexity, maintainability)?
How do you track technical debt in projects?
How do you ensure regression coverage as features evolve?
How do you balance fast delivery vs. high test quality?

🔹 Performance & Optimization¶

1. Profiling & Diagnostics¶

How do you identify performance bottlenecks in a .NET application?
What tools do you use for profiling and diagnostics (e.g., dotTrace, PerfView, Visual Studio Profiler)?
How do you analyze memory allocations and GC pressure?
How do you detect and resolve memory leaks in .NET applications?
What’s your approach to diagnosing thread contention and deadlocks?

2. Benchmarking & Measurement¶

How do you use BenchmarkDotNet to evaluate code performance?
What’s the difference between micro-benchmarking and macro/system-level benchmarking?
How do you ensure benchmarks are reliable and reproducible?
How do you profile async/await methods for performance impact?
How do you design realistic load test scenarios that match production traffic?

3. .NET Optimization Techniques¶

How do you minimize boxing/unboxing overhead in .NET?
When would you use Span<T>, Memory<T>, or ValueTask for performance?
What are the trade-offs of using structs vs classes?
How do you avoid excessive LINQ allocations and optimize queries?
How do you reduce string allocations in high-performance scenarios (e.g., StringBuilder, pooling)?

4. Database Performance¶

How do you analyze slow queries in SQL Server or PostgreSQL?
What’s your approach to indexing strategies for OLTP systems?
How do you avoid N+1 query problems in EF Core/NHibernate?
What’s the difference between eager loading, lazy loading, and explicit loading, performance-wise?
How do you implement caching layers to reduce DB load?

5. API & Service Performance¶

How do you design APIs for low-latency and high-throughput?
What’s your approach to request batching and pagination?
How do you apply caching (output caching, in-memory, Redis) to APIs?
How do you reduce serialization overhead (System.Text.Json vs Newtonsoft.Json vs Protobuf)?
How do you design APIs to handle traffic spikes gracefully?

6. Distributed Systems & Scaling¶

How do you identify hot spots in a microservices architecture?
What’s your approach to horizontal vs vertical scaling decisions?
How do you design for idempotency and backpressure in distributed systems?
What strategies do you use to reduce queue latency in Service Bus/RabbitMQ?
How do you balance consistency vs availability (CAP theorem trade-offs)?

7. Cloud Performance Optimization¶

How do you monitor and optimize Azure App Service or AKS performance?
How do you configure autoscaling policies effectively?
How do you optimize cold start performance in Azure Functions?
How do you reduce egress costs and latency in cloud deployments?
How do you measure and optimize SLA/SLO compliance for cloud apps?

8. Frontend Performance¶

How do you improve Angular/Blazor load times (bundling, tree-shaking, AOT, lazy loading)?
How do you optimize rendering performance (trackBy, virtual scrolling, change detection strategy)?
What’s your approach to image optimization (responsive images, WebP, CDN)?
How do you measure and improve Core Web Vitals (LCP, FID, CLS)?
How do you handle state management performance issues (NgRx, Fluxor)?

9. Best Practices¶

How do you decide between premature optimization vs necessary performance work?
How do you define and monitor performance KPIs (latency, throughput, memory usage)?
How do you embed performance testing in CI/CD pipelines?
How do you evaluate trade-offs between simplicity vs performance hacks?
Can you share a real-world example of a performance issue you solved and its impact?

🔹 Architecture & Best Practices¶

1. Core Principles¶

What are the SOLID principles? Can you give a practical example of each?
How do you apply Separation of Concerns (SoC) in large solutions?
What’s the difference between KISS, DRY, and YAGNI principles?
How do you balance simplicity vs. over-engineering in design?
What’s your approach to technical debt management?

2. Domain-Driven Design (DDD)¶

What are the building blocks of DDD (entities, value objects, aggregates, repositories, bounded contexts)?
What’s the difference between a domain service and an application service?
How do you identify bounded contexts in a system?
How would you implement aggregate roots and invariants?
How do you manage domain events and their propagation?

3. Clean, Hexagonal & Onion Architecture¶

Can you outline the layers of Clean Architecture and what belongs in each?
How do you prevent business logic leakage into infrastructure?
What is the Hexagonal (Ports & Adapters) architecture, and how does it compare to Onion?
How do you enforce dependency inversion in .NET projects?
What’s your approach to shared kernel vs. bounded context isolation?

4. Event-Driven Architecture (EDA)¶

What’s the difference between commands, events, and queries?
How do you design event buses for microservices?
What are the trade-offs of eventual consistency?
How do you evolve event schemas without breaking consumers?
How do you handle idempotency and deduplication in event-driven systems?

5. Resilience & Fault Tolerance¶

What’s the difference between retry, circuit breaker, and bulkhead patterns?
How do you implement resilience with Polly in .NET?
How do you design APIs to gracefully degrade under load?
How do you implement timeouts, cancellation tokens, and fail-fast strategies?
What’s your approach to chaos engineering in distributed systems?

6. Scalability & Reliability¶

What’s the difference between horizontal vs. vertical scaling?
How do you design for stateless services?
What’s your approach to multi-region active/active vs. active/passive deployments?
How do you handle database sharding and partitioning?
How do you design systems to handle traffic spikes (e.g., Black Friday load)?

7. API & Service Design¶

How do you decide between REST, gRPC, and GraphQL for a service?
How do you implement API versioning?
How do you secure APIs (authN, authZ, rate limiting)?
What’s the role of an API Gateway in microservices? Which have you used (YARP, Ocelot, APIM)?
How do you design backend-for-frontend (BFF) patterns?

8. Security & Compliance¶

What’s the difference between OAuth2 and OpenID Connect?
How do you manage secrets and certificates in a distributed system?
How do you prevent OWASP Top 10 vulnerabilities (XSS, SQL injection, CSRF)?
How do you enforce least privilege and RBAC in services?
What’s your approach to compliance requirements (GDPR, HIPAA, SOC2)?

9. Observability & Governance¶

How do you implement centralized logging, tracing, and metrics?
What’s your experience with OpenTelemetry in .NET?
How do you define and enforce SLOs and SLAs?
What’s the role of Architecture Decision Records (ADRs)?
How do you design governance models for microservices teams?

10. Advanced Topics¶

How do you apply CQRS in real-world systems?
What’s the Saga pattern and when do you use orchestration vs. choreography?
How do you design systems for multi-tenancy?
What’s your experience with the actor model (e.g., Orleans, Akka.NET)?
How do you align architecture with business capabilities?

🔹 Software Engineering Practices & Design Patterns¶

1. Creational Patterns¶

What is the Factory Method pattern? Can you implement it in C# for creating database repositories?
How does the Abstract Factory differ from the Factory Method?
When would you use the Singleton pattern? How do you make it thread-safe in C#?
What’s the difference between Builder and Factory patterns?
How would you use the Prototype pattern to clone objects in .NET?

2. Structural Patterns¶

What is the Adapter pattern? How would you use it to integrate with a third-party API?
Explain the Decorator pattern. How would you use it for logging or caching cross-cutting concerns?
What is the Proxy pattern? How is it used in lazy-loading scenarios in EF Core or NHibernate?
When would you apply the Composite pattern (e.g., UI hierarchies)?
What’s the difference between Facade and Adapter?

3. Behavioral Patterns¶

How does the Strategy pattern differ from simple polymorphism? Give an example in a payment system.
Explain the Observer pattern. How does it relate to event-driven architecture (C# events, SignalR)?
What is the Mediator pattern? How is it used in CQRS with MediatR in .NET?
How does the Command pattern fit into CQRS?
What’s the difference between Template Method and Strategy?

4. Enterprise & .NET-Specific Practices¶

How do you apply the Repository and Unit of Work patterns in .NET?
What is the Specification pattern, and why is it useful for persistence and querying?
How do you apply the Decorator pattern with ASP.NET Core middleware?
How do Dependency Injection and Inversion of Control relate to design patterns?
How do you balance using patterns vs. avoiding over-engineering?

5. Anti-Patterns & Best Practices¶

What is an anti-pattern? Can you give examples (God Object, Spaghetti Code, Golden Hammer)?
What’s the danger of overusing the Singleton pattern?
How do you avoid the Big Ball of Mud in large codebases?
What’s your approach to refactoring legacy code to align with patterns?
How do you evaluate when not to use a design pattern?

🔹 Security, Observability & Advanced Topics¶

1. Authentication & Authorization¶

What’s the difference between OAuth2 and OpenID Connect?
How would you implement authentication with OpenIddict in a .NET solution?
What are the advantages of using Azure AD B2C for identity management?
What’s the difference between implicit, code, and client credentials flows?
How do you implement role-based (RBAC) and policy-based (PBAC) authorization in ASP.NET Core?

2. API & Application Security¶

How do you secure REST/gRPC APIs exposed to external clients?
How do you implement JWT validation and token refresh securely?
How do you prevent Cross-Site Scripting (XSS) in Angular/Blazor apps?
What’s the difference between CORS and CSRF, and how do you mitigate each?
How do you secure sensitive data (PII) in logs and telemetry?

3. OWASP Top 10 Mitigations¶

How would you protect against SQL Injection in .NET (EF Core/NHibernate)?
How do you prevent Insecure Deserialization in APIs?
How do you mitigate Broken Authentication issues?
How do you secure apps against XXE (XML External Entity) attacks?
How do you implement rate limiting and throttling to prevent abuse (DoS, brute force)?

4. Monitoring & Observability¶

What’s the difference between logging, metrics, and tracing?
How do you configure OpenTelemetry in .NET microservices?
Which monitoring platforms have you used (Grafana, Prometheus, Azure Application Insights, Log Analytics)?
How do you propagate correlation IDs across microservices?
How do you define and track SLOs, SLIs, and SLAs?

5. Chaos Engineering & Reliability Testing¶

What is chaos engineering and why is it important?
How would you simulate service failures in Kubernetes (Azure Chaos Studio, Gremlin)?
How do you validate resilience policies like retries and circuit breakers in production?
How do you test for failover scenarios in multi-region cloud deployments?
What’s your approach to game days (planned chaos experiments with teams)?

6. Cloud & Data Compliance¶

What steps do you take to ensure GDPR compliance in a SaaS platform?
How do you implement data residency requirements in Azure?
How do you handle HIPAA compliance for healthcare applications?
How do you manage audit logging and retention policies?
What’s your approach to PII encryption and anonymization in databases?

7. Advanced Security Practices¶

How do you implement mutual TLS (mTLS) between services?
What’s your experience with Key Vault secret rotation?
How do you secure CI/CD pipelines against supply chain attacks?
How do you integrate SAST/DAST (e.g., SonarQube, OWASP ZAP) in pipelines?
How do you enforce container image scanning & signing before production deploys?

8. Governance & Best Practices¶

How do you structure security policies across multiple microservices?
What’s the role of Architecture Decision Records (ADRs) in security/observability?
How do you enforce least privilege access in Azure?
How do you conduct threat modeling for APIs?
How do you audit and report compliance evidence for SOC2/ISO27001?

🔹 AI, OpenAI, Semantic Kernel & Intelligent Systems¶

1. AI Fundamentals in Applications¶

What are the key differences between traditional software engineering and AI-augmented applications?
What are LLMs (Large Language Models) and how do they differ from classical ML models?
How do you handle AI inference latency in production apps?
What’s your approach to AI evaluation metrics (accuracy, hallucination rate, relevance)?
How do you design for human-in-the-loop (HITL) validation?

2. OpenAI / Azure OpenAI Integration¶

How would you integrate OpenAI GPT models into a .NET application?
What’s the difference between using OpenAI API vs Azure OpenAI Service?
How do you handle prompt engineering to improve response quality?
How do you ensure deterministic behavior for mission-critical AI features?
How do you manage cost optimization when calling LLMs at scale?

3. Azure AI Services¶

Which Azure AI Services have you used (Cognitive Search, Form Recognizer, Speech, Vision)?
How do you integrate Cognitive Search with an OpenAI model (RAG architecture)?
How do you process documents with Form Recognizer and integrate them into workflows?
How do you implement speech-to-text and text-to-speech in a bot?
What’s your approach to AI-driven personalization (recommendations, semantic search)?

4. Microsoft Bot Framework & Conversational AI¶

What are the main building blocks of the Microsoft Bot Framework?
How do you implement adaptive dialogs and LUIS/Orchestrator recognizers?
How do you connect a bot to Azure Bot Service and integrate with Teams or WebChat?
How do you handle state management in bots (conversation, user, external stores)?
How do you test and monitor bots in production?

5. Semantic Kernel¶

What is Semantic Kernel and how does it differ from calling OpenAI APIs directly?
How do you design skills, planners, and connectors in Semantic Kernel?
How do you integrate prompt templates with C# functions?
What’s the role of memory stores (vector DBs, embeddings) in SK?
How would you implement an AI agent orchestration scenario using SK?

6. Tooling & AI Orchestration¶

What’s your experience with LangChain or Semantic Kernel for orchestration?
How do you decide between embedding search (RAG) and fine-tuning?
How do you integrate external tools/APIs into AI pipelines (e.g., weather API, DB lookup)?
How do you prevent tool misuse or security leaks when exposing tools to LLMs?
How do you monitor AI pipeline reliability and failures?

7. Data & Knowledge Management¶

How do you preprocess documents for chunking & embeddings?
What’s your approach to vector DB selection (Azure Cognitive Search, Pinecone, Weaviate, Redis)?
How do you handle knowledge freshness in AI-driven apps?
How do you ensure multi-tenant isolation in AI knowledge bases?
How do you secure sensitive data used for training/inference?

8. AI Risks & Governance¶

What are AI hallucinations, and how do you mitigate them?
How do you enforce guardrails in AI responses?
What’s your approach to responsible AI (bias, explainability, fairness)?
How do you log and audit AI-generated outputs for compliance?
How do you align AI solutions with GDPR, HIPAA, or SOC2?

9. Advanced Scenarios¶

How do you combine OpenAI + Cognitive Search + Bot Framework into a full pipeline?
How do you design multi-agent collaboration (planner + specialist agents)?
What’s your approach to integrating AI assistants into developer workflows (DevOps copilots, test generation)?
How would you embed AI in event-driven architectures?
How do you future-proof AI solutions as models and APIs evolve?

🔹 Scenario-Based System Design & Problem Solving¶

1. SaaS & Authentication¶

You need to build a multi-tenant SaaS platform. How would you design tenant isolation (logical vs physical)?
You need to integrate authentication & authorization. Would you use OpenIddict, Azure AD B2C, or IdentityServer? Why?
How would you implement role-based access control (RBAC) for multiple tenants?
How would you secure API-to-API communication between services?
How would you handle user provisioning and federation (Google/Microsoft login)?

2. Web Applications¶

You need to build an inventory management system (web-based). How would you structure frontend (Angular/Blazor) and backend (ASP.NET Core)?
How would you handle real-time inventory updates (SignalR vs polling)?
How would you implement search and filtering in a large product catalog?
How would you add audit logging for user actions (who changed stock, when)?
How would you expose the system as a PWA for mobile warehouse workers?

3. API & Integration¶

You are tasked with building a REST + gRPC API for customer management. How would you design versioning and backward compatibility?
A client needs GraphQL support for analytics. How do you integrate GraphQL alongside REST?
You must integrate with a third-party payment gateway. How do you handle retries, idempotency, and security of callbacks?
How would you design an API gateway layer to manage authentication, throttling, and monitoring?
How would you expose APIs to partners without exposing the entire system?

4. Messaging & Distributed Systems¶

You need to implement an order processing workflow across multiple services. Would you use MassTransit, NServiceBus, or Service Bus? Why?
How would you design a saga workflow for order → payment → shipping → notification?
How would you guarantee idempotency when messages are retried?
A service is slow and causes queue backlogs. How do you detect and fix this?
How do you decide when to use sync (REST/gRPC) vs async (queues/events)?

5. Databases & Persistence¶

You need to design a multi-tenant database for SaaS. Do you use single database, schema-per-tenant, or database-per-tenant? Why?
How would you implement soft deletes and audit trails in EF Core/NHibernate?
How would you handle schema migrations in production for hundreds of tenants?
How would you cache frequently used queries (Redis, in-memory)?
How do you ensure consistency across multiple databases (SQL + NoSQL mix)?

6. Cloud & DevOps¶

You need to deploy services to Azure AKS. How do you handle secrets, scaling, and rolling updates?
How would you design zero-downtime deployments for a SaaS platform?
How do you choose between Azure Functions and background workers?
How would you implement disaster recovery across multiple Azure regions?
How do you ensure compliance (GDPR/HIPAA) in Azure deployments?

7. Testing & Quality¶

You need to test a payment workflow. How do you design unit, integration, and E2E tests?
How would you automate load testing for an API?
How do you handle mocking external APIs in integration tests?
How would you enforce 80% test coverage in CI/CD pipelines?
How do you detect and fix flaky tests in CI/CD?

8. Observability & Monitoring¶

You are tasked with adding observability to a microservice system. How do you set up tracing, logging, and metrics?
How would you use OpenTelemetry with Azure Application Insights?
How would you detect memory leaks in a production service?
How would you design dashboards in Grafana for a SaaS system?
How do you use chaos testing to validate system resilience?

9. Frontend Scenarios¶

You need to build a dashboard app for a healthcare system. How do you design components, modules, and routing in Angular?
How do you implement state management (NgRx, BehaviorSubject, Fluxor) in a Blazor/Angular app?
How would you add i18n support for English, Russian, Hebrew?
How do you implement real-time UI updates from SignalR?
How do you ensure WCAG 2.1 compliance in your frontend?

10. AI & Intelligent Features¶

You are asked to integrate a chatbot using Microsoft Bot Framework and Azure OpenAI. How do you design it?
How do you build a retrieval-augmented generation (RAG) system with OpenAI + Azure Cognitive Search?
How would you add semantic search to an existing SaaS product?
How do you prevent hallucinations in AI-generated responses?
How do you log and audit AI outputs for compliance (GDPR, HIPAA)?

🔹 Teamwork, Leadership & Communication¶

1. Mentorship & Collaboration¶

How do you mentor junior developers in your team?
Can you describe a time when you helped a teammate overcome a technical challenge?
How do you foster knowledge sharing within a distributed team?
What’s your approach to pair programming and code reviews?
How do you handle disagreements in technical discussions?

2. Communication & Stakeholder Alignment¶

How do you explain complex technical decisions to non-technical stakeholders?
Can you describe a time when you had to convince business stakeholders about a technical trade-off?
How do you ensure alignment between business goals and engineering priorities?
What’s your approach to handling conflicting requirements from multiple stakeholders?
How do you communicate project risks early to prevent surprises?

3. Decision-Making & Ownership¶

How do you balance delivery speed vs. long-term maintainability (technical debt)?
Can you describe a situation where you had to make a difficult trade-off between scope, time, and quality?
How do you prioritize tasks when multiple features or bugs compete for attention?
What’s your decision-making process when choosing between two competing technical solutions?
How do you take ownership when a project encounters setbacks or failures?

4. Leadership & Influence¶

How do you set expectations and hold your team accountable for quality and deadlines?
What’s your approach to building a culture of continuous improvement?
How do you identify and nurture future leaders within your team?
How do you adapt your leadership style for senior vs junior team members?
How do you handle underperforming developers?

5. Remote Work & Team Dynamics¶

What’s your approach to working in a remote-first or hybrid team?
How do you ensure clear communication across time zones?
How do you maintain team morale during stressful delivery periods?
How do you prevent knowledge silos in distributed projects?
What tools and practices have you found most effective for remote collaboration?

📋 Interview Questions¶

🔹 C# Language & OOP Foundations¶

1. OOP Principles¶

2. Types & Memory¶

3. Generics & Collections¶

4. Delegates, Events, and LINQ¶

5. Asynchronous Programming¶

6. Advanced Features¶

7. Reflection & Attributes¶

8. Memory Management & Performance¶

9. Threading & Parallelism¶

10. C# Language Evolution¶

🔹 Backend Foundations (.NET Core)¶

1. Core .NET vs .NET Core¶

2. Application Startup & Middleware¶

3. Dependency Injection (DI)¶

4. Controllers & Endpoints¶

5. Configuration & Options¶

6. Health Checks & Readiness¶

7. Telemetry & Logging¶

8. Error Handling & Resilience¶

9. Hosting & Services¶

10. Advanced Topics¶

🔹 Data & Persistence¶

1. ORM & Data Access¶

2. Querying & LINQ¶

3. Transactions & Concurrency¶

4. Database Migrations & Versioning¶

5. Caching & Performance¶

6. Advanced Persistence Patterns¶

7. Multi-Database & Cloud Datastores¶

8. Security & Compliance¶

🔹 Messaging & Distributed Systems¶

1. Messaging Fundamentals¶

2. Azure Service Bus / RabbitMQ Basics¶

3. Frameworks: MassTransit & NServiceBus¶

4. Idempotency & Reliability¶

5. Distributed Transactions & Sagas¶

6. Event-Driven Architecture (EDA)¶

7. Monitoring & Observability¶

8. Performance & Scaling¶

9. Security & Compliance¶

🔹 Service Models & Communication¶

1. API Paradigms & Protocols¶

2. REST API Design¶

3. gRPC Services¶

4. GraphQL APIs¶

5. Real-Time Communication (SignalR)¶

6. Inter-Service Communication Patterns¶

7. API Gateways & Edge¶

8. Service Discovery & Load Balancing¶

9. Security & Compliance¶

10. Observability, Contracts & Governance¶

11. Performance & Resilience¶

12. Advanced Topics¶

🔹 Frontend (Angular / Blazor / JS)¶

1. Angular Fundamentals¶

2. TypeScript & JavaScript¶

3. State Management¶

4. Data Binding & Communication¶

5. Routing & Navigation¶

6. Real-Time Communication¶

7. Blazor Fundamentals¶

8. UI/UX, Accessibility & Performance¶

9. Testing & Quality¶

10. Advanced Topics¶

🔹 Cloud & DevOps¶

1. Azure Fundamentals¶

2. Containerization & Orchestration¶

3. Infrastructure as Code (IaC)¶

4. CI/CD & Pipelines¶

5. Secrets & Config Management¶

6. Monitoring & Observability¶

7. Resilience & Reliability¶

8. Security & Compliance¶

🔹 CI/CD, Git & Collaboration¶

1. Version Control & Branching¶

2. Pull Requests & Code Reviews¶

3. CI/CD Pipelines¶

4. Release Strategies¶