Home

Interview preparation

Java:

https://github.com/learning-zone/java-interview-questions

Trouble shooting thread dumps

java 8

https://www.interviewbit.com/java-8-interview-questions/

spring-security https://www.interviewbit.com/spring-security-interview-questions/

Owasp: https://owasp.org/www-project-top-ten/ https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

Spring: https://www.interviewbit.com/spring-interview-questions/

SQL https://www.interviewbit.com/sql-interview-questions/

Linux https://www.interviewbit.com/linux-interview-questions/

Java

What is dynamic polymorphism ?
What is immutable class ? example , use cases
Write a immutable class for a Employee has String name, int id, Date doj, Float salary, hobbies List
what changes needs be done in this class to use it as key in hashmap
want to sort employee basis on salary
add clone functionality to Employee
What is concurrent hash map ? how it works ?
What is the difference between thread and process ? inter thread communication and inter-process communication

**Security : **

What is a vulnerability? how many types of them you have addressed ?

What is micro service architecture ?

What are the various security feature provided by spring ?

What is Directory traversal/ path-traversal sequences ? How to prevent a directory traversal attack? https://portswigger.net/web-security/file-path-traversal

What is oauth2 ? what is different grant type in oauth2 ?

What is CSRF? how would you design a solution to apply it across microservices?

What is XSS ? how do you fix them ?

What is brute force attack ? How would you protect it for authentication ? How would you design this feature ? ( good password policy with password size at least 8 or more chars, IP blocking, ( when ip is common like citrix or load balancer ip), MFA)

How would you design a solution where you need to enable you customer's employee can login with same username and password from our application login page ?

How would you design a solution where you need to enable, authentication from customer's portal and based on users role defined at customer end we need to map roles in our product for authorization ?

What is Oidc ?

How would you develop a system or procedure to eliminate vulnerabilities across products in a systematic way may initially targeting only critical then in next sprint major and so on ?

What is issue with this below code ?

XSS
<script> var x = '<%= token %>'; var d = document.createElement('div'); d.innerHTML = x; document.body.appendChild(d); </script>

Open redirection issue

protected void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException
{
  String query = request.getQueryString();
  if (query.contains("fwd"))
   {
      String fwd = request.getParameter("fwd");
      try
      {
        request.getRequestDispatcher(fwd).forward(request, response);
      }
      catch (ServletException e)
      {
        e.printStackTrace();
      }
   }
}

**Trouble shooting **

Deadlock identification, mitigations
Application slow analysis
Memory leaks identification
what you do to remote debug a docker running container

performance issue troubleshooting

-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/com/data/heapdump/heapdump-reporter-pm-23-9ptwc.dump -XX:InitialHeapSize=14000000000 -XX:MaxHeapSize=14000000000 -XX:+PrintCommandLineFlags -XX:+PrintGC -XX:+PrintGCApplicationConcurrentTime -XX:+PrintGCApplicationStoppedTime -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintHeapAtGC -XX:+PrintSafepointStatistics -XX:+PrintTenuringDistribution -XX:+UseCompressedClassPointers -XX:+UseCompressedOops -XX:+UseParallelGC

**GWT / java script: **

What GWT ? its feature? How do you debug GWT application ? https://www.tutorialspoint.com/gwt/gwt_interview_questions.htm

https://medium.com/@pulapaphani/why-overriding-equals-and-hashcode-in-java-b5f869f985d2

Employee implements Comparable {

private String name; 
private int salary; 

// Used to sort movies by year (desc order)
public int compareTo(Employee m) 
{ 
    return this.salary- m.salary; 
}

}

solid-design-principle

https://stackify.com/solid-design-open-closed-principle/

Single Responsibility Principle
Open/Closed Principle
Liskov Substitution Principle
Interface Segregation Principle
Dependency Inversion

https://github.com/xoraus/CrackingTheSQLInterview

XML :

https://www.tutorialspoint.com/java_xml/java_xml_parsers.htm

Linux :

Symbolic link ln -s src folderpath linkname

Listing java process: ps -auxww grep java | grep <>

checking free memory : free -g

check size of directory du -sh path

Heapdums:

jmap -dump:format=b,file= Example: jmap -dump:format=b,file=/opt/tmp/heapdump.bin 37320

jcmd

jcmd GC.heap_dump
where
pid: is the Java Process Id, whose heap dump should be captured
file-path: is the file path where heap dump will be written in to.
Example:
1 jcmd 37320 GC.heap_dump /opt/tmp/heapdump.bin

What is a vulnerability? A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.

Please do not post any actual vulnerabilities in products, services, or web applications. Those disclosure reports should be posted to bugtraq or full-disclosure mailing lists.

Examples of vulnerabilities Lack of input validation on user input Lack of sufficient logging mechanism Fail-open error handling Not closing the database connection properly

https://owasp.org/www-project-top-ten/

ACID Properties in DBMS transaction

Atomicity Atomicity requires that each transaction be "all or nothing": if one part of the transaction fails, then the entire transaction fails, and the database state is left unchanged. An atomic system must guarantee atomicity in each and every situation, including power failures, errors and crashes. To the outside world, a committed transaction appears (by its effects on the database) to be indivisible ("atomic"), and an aborted transaction does not happen.

Consistency The consistency property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including constraints, cascades, triggers, and any combination thereof. This does not guarantee correctness of the transaction in all ways the application programmer might have wanted (that is the responsibility of application-level code), but merely that any programming errors cannot result in the violation of any defined rules.

Isolation The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed sequentially, i.e., one after the other. Providing isolation is the main goal of concurrency control. Depending on the concurrency control method (i.e., if it uses strict - as opposed to relaxed - serializability), the effects of an incomplete transaction might not even be visible to another transaction.

Durability The durability property ensures that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors. In a relational database, for instance, once a group of SQL statements execute, the results need to be stored permanently (even if the database crashes immediately thereafter). To defend against power loss, transactions (or their effects) must be recorded in a non-volatile memory.

Which operator is used to search for a specified text pattern in a column?

The LIKE operator is used in a WHERE clause to search for a specified pattern in a column. There are two wildcards used in conjunction with the LIKE operator: % - The percent sign represents zero, one, or multiple characters _ - The underscore represents a single character

Examples:

WHERE CustomerName LIKE 'a%' -- Finds any values that starts with "a" WHERE CustomerName LIKE '%a' -- Finds any values that ends with "a" WHERE CustomerName LIKE '%or%' -- Finds any values that have "or" in any position WHERE CustomerName LIKE 'r%' -- Finds any values that have "r" in the second position WHERE CustomerName LIKE 'a%_%' -- Finds any values that starts with "a" and are at least 3 characters in length WHERE ContactName LIKE 'a%o' -- Finds any values that starts with "a" and ends with "o"

How to write a query to show the details of a student from Students table whose FirstName starts with 'K'?

SELECT * FROM Students WHERE FirstName LIKE 'K%'.

Explanation from previous question applies.

performance tuning of oracle
What is a trigger? Triggers in SQL is kind of stored procedures used to create a response to a specific action performed on the table. You can invoke triggers explicitly on the table in the database. Triggers are, in fact, written to be executed in response to any of the following events: A database manipulation (DML) statement (DELETE , INSERT , or UPDATE ) A database definition (DDL) statement (CREATE , ALTER , or DROP ). A database operation (SERVERERROR , LOGON , LOGOFF , STARTUP , or SHUTDOWN). Action and Event are two main components of SQL triggers when certain actions are performed the event occurs in response to that action.

XML Parser:

Dom Parser − Parses an XML document by loading the complete contents of the document and creating its complete hierarchical tree in memory.

SAX Parser − Parses an XML document on event-based triggers. Does not load the complete document into the memory.

JDOM Parser − Parses an XML document in a similar fashion to DOM parser but in an easier way.

StAX Parser − Parses an XML document in a similar fashion to SAX parser but in a more efficient way.

XPath Parser − Parses an XML document based on expression and is used extensively in conjunction with XSLT.

DOM4J Parser − A java library to parse XML, XPath, and XSLT using Java Collections Framework. It provides support for DOM, SAX, and JAXP.

Provide feedback

Saved searches