Your team is discussing API design. One member says: "Should we use REST or RPC for this service?" What is the key distinction?
REST is resource-oriented (nouns); RPC is action-oriented (verbs) — REST (Representational State Transfer) models resources and uses HTTP methods (GET /users, POST /orders). RPC (Remote Procedure Call) models operations (getUser, createOrder). gRPC is Google's modern RPC framework using Protocol Buffers. GraphQL is sometimes called "RPC-like" for this reason. For public APIs, REST is conventional; for internal microservice communication, gRPC/RPC is often preferred for performance.
2 / 8
Your DevOps lead asks: "Did you mean to set up CI or also CD?" What is the difference?
CI = Continuous Integration; CD = Continuous Delivery / Deployment — CI focuses on integrating code changes frequently with automated tests (lint, unit tests, build) triggered on every commit. CD goes further: Continuous Delivery ensures every passing build is deployable and may require a manual approval gate; Continuous Deployment goes all the way — every green build is automatically deployed to production. A typical pipeline: push → CI runs tests → CD deploys to staging → optionally, CD deploys to production.
3 / 8
A PM asks you to clarify the difference between SLA, SLO, and SLI. How do you explain them?
SLA → SLO → SLI form a hierarchy — SLI (Service Level Indicator) is the raw metric: "our measured uptime this month is 99.91%". SLO (Service Level Objective) is your target: "our uptime SLO is 99.9%". SLA (Service Level Agreement) is the contract with a customer specifying what happens if the SLO is not met (credits, refunds, escalation). You can have SLOs and SLIs with no SLA (internal services). An SLA without clear SLIs and SLOs is meaningless — you can't know if you've breached it.
4 / 8
Which abbreviation fits this sentence: "We store session state in _____ to avoid keeping it in memory on the application server."
Redis — Redis (Remote Dictionary Server) is an in-memory data structure store commonly used for session caching, pub/sub messaging, and rate limiting. It is not technically an abbreviation (it's a proper name) but it is a universally recognised initialism in tech. Sessions stored in Redis are accessible by any application server instance, enabling horizontal scaling. Compare to: CDN (static asset delivery), DNS (domain resolution), ORM (database query abstraction) — none of which are session stores.
5 / 8
Your security team mentions "OWASP Top 10". What does OWASP stand for, and what is the Top 10?
Open Web Application Security Project — Top 10 web security risks — OWASP is a non-profit that publishes security standards. The OWASP Top 10 is updated roughly every 3–4 years and lists the most critical application security risks. The 2021 edition top entries include: Broken Access Control, Cryptographic Failures, Injection (SQL, XSS), and Insecure Design. Knowing OWASP Top 10 is considered baseline security knowledge for any developer. Usage: "This endpoint is vulnerable to OWASP A01 — broken access control", "our security review checklist is based on OWASP".
6 / 8
A colleague says: "The K8s cluster is on GKE." What does GKE stand for?
Google Kubernetes Engine — GKE is Google Cloud's managed Kubernetes service. The equivalent on AWS is EKS (Elastic Kubernetes Service) and on Azure is AKS (Azure Kubernetes Service). "K8s" = Kubernetes (K + 8 letters + s). Managed Kubernetes services (GKE/EKS/AKS) handle control plane upgrades, node provisioning, and autoscaling. Usage: "Deploying to GKE via Cloud Build", "the GKE cluster autoscaler is configured", "EKS node group is out of capacity".
7 / 8
Your team says the new feature needs to be "GDPR compliant". What does GDPR stand for and when does it apply?
General Data Protection Regulation — applies to ANY service processing EU residents' data — GDPR is an EU regulation (2018) with global reach: if your service has users in the EU, GDPR applies regardless of where your company is incorporated. Key requirements: lawful basis for processing personal data, right to access/deletion ("right to be forgotten"), data breach notification within 72 hours, data minimisation. Fines up to 4% of global annual revenue or €20M. Usage: "The delete account feature needs GDPR-compliant data purge", "document the lawful basis for sending marketing emails".
8 / 8
Which phrase correctly uses "ETL"?
ETL = Extract, Transform, Load — a data integration pattern where data is extracted from a source system, transformed (cleaned, aggregated, reformatted) to fit the target schema, and loaded into a destination (data warehouse, data lake). Example tools: Apache Spark, dbt, AWS Glue, Fivetran. Usage: "The ETL job runs at 02:00 UTC", "the transformation step in the ETL pipeline normalises currency to USD", "the ETL pipeline broke because the source schema changed". ETL is not an API protocol or a frontend technology.