Comprehensive Backend Interview Guide: Network, Security, JVM, Spring, Redis, MySQL and More
The guide equips candidates for backend interviews by covering essential networking (HTTP/HTTPS, TLS handshake, status codes, headers, OCSP, session resumption, CSRF), RPC frameworks, Java class-loading and JVM memory/GC, OS process/thread scheduling, Spring bean lifecycle, Redis caching pitfalls, and MySQL indexing and query optimization.
Interview Overview
ByteDance places strong emphasis on algorithms and fundamental knowledge. Candidates are advised not to reveal familiarity with a problem too early, as interviewers may probe further with additional questions.
Network Protocols
Common Protocols
Familiarity with HTTP, HTTPS, TCP, UDP is expected.
HTTP vs HTTPS
HTTP transmits data in cleartext, while HTTPS encrypts it with SSL/TLS. HTTPS also adds a handshake, uses default port 443 instead of 80, and requires a digital certificate issued by a CA.
SSL/TLS Handshake (RSA key exchange)
The handshake consists of four steps:
1. ClientHello – client sends supported TLS version, random number, and cipher suites.
2. ServerHello – server responds with chosen version, random number, cipher suite and certificate.
3. Client sends a pre‑master secret encrypted with the server’s public key and a change‑cipher‑spec message.
4. Server acknowledges and both sides derive the session key.
After the handshake, normal HTTP traffic is encrypted with the session key.
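How both sides turn the two random numbers and the pre-master secret into the session keys, shown as an added example that is not part of the original guide. It assumes TLS 1.2 (the PRF from RFC 5246) and the cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256; the class name and all input values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Tls12KeyDerivation {
    static byte[] hmac(byte[] key, byte[]... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }

    static byte[] concat(byte[] x, byte[] y) {
        byte[] r = Arrays.copyOf(x, x.length + y.length);
        System.arraycopy(y, 0, r, x.length, y.length);
        return r;
    }

    /** TLS 1.2 PRF: P_SHA256(secret, label + seed), truncated to len bytes. */
    static byte[] prf(byte[] secret, String label, byte[] seed, int len) throws Exception {
        byte[] labelSeed = concat(label.getBytes(StandardCharsets.US_ASCII), seed);
        byte[] out = new byte[0];
        byte[] a = labelSeed;                              // A(0) = label + seed
        while (out.length < len) {
            a = hmac(secret, a);                           // A(i) = HMAC(secret, A(i-1))
            out = concat(out, hmac(secret, a, labelSeed)); // HMAC(secret, A(i) + label + seed)
        }
        return Arrays.copyOf(out, len);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] clientRandom = new byte[32], serverRandom = new byte[32], preMaster = new byte[48];
        rng.nextBytes(clientRandom);        // sent in ClientHello
        rng.nextBytes(serverRandom);        // sent in ServerHello
        rng.nextBytes(preMaster);           // sent encrypted under the server's RSA public key
        preMaster[0] = 3; preMaster[1] = 3; // leading two bytes carry the client's offered version (TLS 1.2)

        byte[] master = prf(preMaster, "master secret", concat(clientRandom, serverRandom), 48);
        // Assumed suite TLS_RSA_WITH_AES_128_GCM_SHA256: two 16-byte keys and two 4-byte implicit IVs.
        byte[] block = prf(master, "key expansion", concat(serverRandom, clientRandom), 40);
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println("client_write_key: " + b64.encodeToString(Arrays.copyOfRange(block, 0, 16)));
        System.out.println("server_write_key: " + b64.encodeToString(Arrays.copyOfRange(block, 16, 32)));
    }
}
```

Because every key is derived from the pre-master secret, anyone who later obtains the server's RSA private key can decrypt recorded sessions. TLS 1.3 removed RSA key exchange in favour of (EC)DHE for that reason.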
HTTP Status Codes
Five classes: 1xx (informational), 2xx (success), 3xx (redirection), 4xx (client error), 5xx (server error). Common codes: 200, 301, 302, 404, 405, 500.
Common HTTP Headers
Request: Host, Content-Type, Content-Length, Cookie. Response: Content-Type, Content-Length, Cache-Control, Set-Cookie, Location, Server.
HTTPS Integrity
SSL/TLS verifies data integrity by computing a MAC over each record; AEAD cipher suites such as AES-GCM combine this check with encryption.
OCSP and CRL
CRL provides a list of revoked certificates but suffers from latency and size issues. OCSP queries the CA in real time for a certificate’s status. OCSP Stapling lets the server cache the OCSP response and present it during the handshake, reducing client‑side network overhead.
Session Resumption
Two mechanisms: Session ID (server stores the key) and Session Ticket (client stores an encrypted ticket). Session ID can increase server memory usage; Session Ticket offloads storage to the client.
Stateless HTTP vs State Management
HTTP is stateless; state is maintained via cookies, sessions, or tokens.
CSRF Mitigation
Validate user session.
Use double‑submit tokens or CAPTCHAs.
Enforce strict Referer header checks.
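The three checks above combined in one request filter, as an added example that is not part of the original guide. It uses a double-submit token bound to the session with an HMAC, and compares the parsed origin exactly rather than by prefix; the class name, the origin https://app.example.test and the sample requests are assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class CsrfGuard {
    static final String ALLOWED_ORIGIN = "https://app.example.test"; // assumed site origin
    private final SecretKeySpec key;

    public CsrfGuard(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    /** Token = HMAC(secret, sessionId); set as a cookie and echoed by the page in a request header. */
    public String issueToken(String sessionId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] tag = mac.doFinal(sessionId.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Origin is preferred, Referer is the fallback; a request carrying neither is rejected. */
    static boolean sameOrigin(String origin, String referer) {
        String source = origin != null ? origin : referer;
        if (source == null) return false;
        try {
            URI u = URI.create(source);
            String port = u.getPort() == -1 ? "" : ":" + u.getPort();
            return ALLOWED_ORIGIN.equals(u.getScheme() + "://" + u.getHost() + port);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public boolean allow(String method, String sessionId, String origin, String referer,
                         String cookieToken, String headerToken) throws Exception {
        if (method.equals("GET") || method.equals("HEAD") || method.equals("OPTIONS")) return true;
        if (sessionId == null || cookieToken == null || headerToken == null) return false;
        if (!sameOrigin(origin, referer)) return false;
        byte[] expected = issueToken(sessionId).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison: cookie and header must both equal the session-bound value.
        return MessageDigest.isEqual(expected, cookieToken.getBytes(StandardCharsets.UTF_8))
            && MessageDigest.isEqual(expected, headerToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        CsrfGuard g = new CsrfGuard("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String t = g.issueToken("sess-1"); // constructed session id
        System.out.println("same origin, own token:    " + g.allow("POST", "sess-1", ALLOWED_ORIGIN, null, t, t));
        System.out.println("look-alike Referer host:   " + g.allow("POST", "sess-1", null, "https://app.example.test.evil.test/x", t, t));
        System.out.println("token from other session:  " + g.allow("POST", "sess-2", ALLOWED_ORIGIN, null, t, t));
    }
}
```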
RPC and Dubbo
Common RPC frameworks: gRPC, Dubbo, Thrift. Dubbo’s registry (e.g., Zookeeper) handles service registration and discovery. Calls can be synchronous or asynchronous (with or without return values).
Java Fundamentals
Class Loading Mechanism
Stages: Load, Link (Verify, Prepare, Resolve), Initialize, Use, Unload. The parent‑delegation model ensures uniqueness, security, and layered loading.
Parent‑Delegation Model
Class loaders delegate to their parent before attempting to load a class, ultimately reaching the BootstrapClassLoader. Overriding loadClass() or using the thread context class loader can break the model when needed.
JVM Memory & GC
Runtime memory areas: Program Counter, Java Stack, Native Stack, Heap, Metaspace, Direct Memory.
Garbage‑Collection Algorithms
Mark‑Sweep
Copying
Mark‑Compact
Generational (Young/Old)
G1 Collector
Uses region‑based mark‑compact collection and offers predictable pause times and parallelism.
OOM Diagnosis
Detect via logs (e.g., java.lang.OutOfMemoryError).
Enable -XX:+HeapDumpOnOutOfMemoryError for analysis.
Monitor with jstat and set appropriate alerts.
Operating System Concepts
Process, Thread, Coroutine
Process – isolated memory, heavy context switch. Thread – shares process memory, lighter switch. Coroutine – user‑level, minimal switch cost.
Scheduling Algorithms
FCFS, SJF, SRTF, Round‑Robin, Multilevel Queue, MLFQ.
Deadlock
Four conditions: mutual exclusion, hold‑and‑wait, no preemption, circular wait. Prevention methods include ordered resource allocation.
Banker’s Algorithm
Safety‑check before allocating resources to avoid deadlock.
Spring Framework
Bean Lifecycle
Instantiation
Dependency injection
Aware interfaces (BeanName, BeanFactory, ApplicationContext)
BeanPostProcessor before init
InitializingBean / init‑method
BeanPostProcessor after init
Ready for use
DisposableBean / destroy‑method on shutdown
BeanPostProcessor vs BeanFactoryPostProcessor
Factory post‑processor runs once before bean instantiation; bean post‑processor runs for each bean after instantiation.
BeanFactory vs ApplicationContext
ApplicationContext extends BeanFactory, adds internationalization, event handling, and eager singleton pre‑instantiation.
Redis
Cache Issues
Cache avalanche – many keys expire simultaneously; mitigate with random TTL and mutex locks.
Cache breakdown – hotspot key expires; use mutex or never‑expire with background refresh.
Cache penetration – requests for non‑existent data; block illegal requests, cache nulls, or use Bloom filters.
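A cache-aside read path that applies the mitigations listed above: key validation, null caching, a per-key mutex and a jittered TTL. This is an added example, not code from the original guide; an in-memory map stands in for Redis, and the class name, the key format user:<digits>, the TTL values and the sample data are assumptions (Java 16+ for the record). Bloom filters are not shown.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ThreadLocalRandom;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

public class GuardedCache {
    private record Entry(Optional<String> value, long expiresAtMs) {}

    private final Map<String, Entry> cache = new ConcurrentHashMap<>();    // stands in for Redis
    private final Map<String, Object> keyLocks = new ConcurrentHashMap<>(); // demo only: never pruned
    private final Function<String, String> db;                             // returns null when the row is absent
    final AtomicInteger dbHits = new AtomicInteger();

    GuardedCache(Function<String, String> db) { this.db = db; }

    Optional<String> get(String key) {
        if (!key.matches("user:\\d{1,10}")) return Optional.empty();       // block illegal keys before any lookup
        Entry e = cache.get(key);
        if (e != null && e.expiresAtMs() > System.currentTimeMillis()) return e.value();
        // Per-key mutex: on a miss or expiry one caller rebuilds, the others wait and re-read.
        synchronized (keyLocks.computeIfAbsent(key, k -> new Object())) {
            e = cache.get(key);
            if (e != null && e.expiresAtMs() > System.currentTimeMillis()) return e.value();
            dbHits.incrementAndGet();
            Optional<String> v = Optional.ofNullable(db.apply(key));
            // Absent rows are cached briefly (penetration); real values get a jittered TTL (avalanche).
            long ttlMs = v.isPresent() ? 300_000 + ThreadLocalRandom.current().nextLong(60_000) : 30_000;
            cache.put(key, new Entry(v, System.currentTimeMillis() + ttlMs));
            return v;
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> rows = Map.of("user:1", "alice");               // constructed data
        GuardedCache c = new GuardedCache(rows::get);
        Thread[] ts = new Thread[50];
        for (int i = 0; i < ts.length; i++) {
            String key = (i % 2 == 0) ? "user:1" : "user:999";              // a hot key and a missing id
            ts[i] = new Thread(() -> c.get(key));
            ts[i].start();
        }
        for (Thread t : ts) t.join();
        c.get("user:abc");                                                  // malformed key, rejected up front
        System.out.println("database lookups for 51 requests: " + c.dbHits.get());
    }
}
```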
Big‑Key Problem
Large values (>1 MB) or collections with >10 k elements cause performance degradation. Solutions: split keys, async deletion, monitor memory, and purge expired data.
MySQL
Index Pitfalls
Leading wildcard LIKE, functions on indexed columns, implicit type conversion, left‑most rule violations, OR conditions mixing indexed and non‑indexed columns.
SQL Optimization
Analyze with EXPLAIN.
Create appropriate (single or composite) indexes.
Avoid index‑invalidating patterns.
Use covering indexes, limit columns, and pagination tricks.
Consider sharding large tables and caching hot data.
Java Tech Enthusiast
