Introduction

Following on from my previous articles on interview screening questions for a Java Engineer or a Security Engineer, in the last part of this series I will present a list of screening questions I use for interviewing a Performance Engineer candidate. Like the security role, the performance role has to include a full-stack view of the application, so a braod knowledge is required appart from just programming. The programming-related questions here focus on Java and the JVM, but most of the questions in this artilce are also applicable for non-Java applications.

Interview questions

Q1: What is the difference between performance and scalability?

Response flags: Often mixed up, perf eng should know better.

Q2: What are the two "directions" in which to scale?

Response flags: Horizontal vs. vertical, pros and cons of each.

Q3: What is a VPS?

Response flags: Should explain what this is, chance to display knowledge of VM providers (Xen, VMWare etc.).

Q4: When would you use a VPS versus a physical server?

Response flags: Should explain some of the shortcomings of virtual servers.

Q5: What is a load balancer? What main types are there?

Response flags: Should know this, types are software and hardware.

Q6: In a load balancing strategy, what is the difference between "round robin" and "sticky sessions"?

Response flags: Client is sent to same server each time (sticky), versus different server each time. Bonus points for example how central session store facilitates round robin, and how it's faster.

Q7: What must a load balancer maintain in order to track session storage?

Response flags: Table mapping client IP to upstream server.

Q8: What is a disadvantage of maintaining sticky sessions?

Response flags: IP table lookup is an overhead. Client is logged out in single upstream server that has their session goes offline.

Q9: What is the difference between a load balancer and a reverse proxy?

Response flags: Perf eng should be familiar with both, give and explanation of reverse proxy usage.

Q10: In a web architecture, where would you typically decrypt SSL traffic?

Response flags: In load balancer, ideally with dedicated h/w due to overhead. Traffic inside datacenter can be plain.

Q11: During testing if you needed to intercept traffic between a HTTP client and a server, what tools could you use? What if the traffic was encrypted?

Response flags: Wireshark, Fiddler, many other proxies. For SSL you would need a copy of the cert key from the server.

Q12: When a thread running on a CPU needs to access some data, describe the some of the physical locations where that data might be stored, starting with the closest to the furthest away.

Response flags: CPU L1/2/3 cache, RAM, local disc (SSD, then RAID), LAN (data cache, then DB, also potentially file server), internet host (file server, remote API...).

Q13: Why does physical proximity to data matter?

Response flags: It loads faster!

Q14: In a web application, what is a CDN? What are the benefits?

Response flags: Network proximity, bonus points for mentioning higher probability of warm browser cache for widely-used CDNs like Google.

Q15: What are the two main types of data caches?

Response flags: Private vs. shared, explains the merits of both.

Q16: What is the classic problem involved with using caches?

Response flags: Cache invalidation, discuss approaches to this.

Q17: What is TTL of a cache entry? When should you use this?

Response flags: Time To Live, and it depends! Give examples.

Q18: Between a web browser and a web server responding with some data, how many layers of caching might exist?

Response flags: Browser cache, proxy cache (e.g. Squid), file cache (e.g. precompiled page template), shared data cache (e.g. Memcache, Redis), database query cache...

Q19: Rather than requesting the same full response each time, how would a HTTP client check to see if the previous response for the same request had updated on the HTTP server?

Response flags: Discuss HTTP caching headers like etags (md5 hash key exchange), or if-modified-since/last-modified (UNIX timestamps), mention bodyless 304 responses (not modified).

Q20: In relational databases, what are common "performance killer" queries?

Response flags: Too many joins, nested/sub-queries, querying on columns with no indexes, lack of partitions.

Q21: What can you do to improve query performance?

Response flags: See previous question, plus look at prepared statements and potentially stored procedures.

Q22: In performance testing, what is the difference between load, stress, and soak testing?

Response flags: Load - testing to a specified expected amount. Stress - burst traffic beyond expected amount. Soak - apply load testing for a prolonged period of time.

Q23: When conducting a Java code review, what are the common performance anti-patterns that you look out for?

Response flags: Should expect a broad list here.

Q24: What is the Java heap?

Response flags: The heap stores all of the objects created by your Java program, should mention GC.

Q25: When debugging a Java app, how would you identify major and minor garbage collection?

Response flags: In the log - minor collection prints "GC" if garbage collection logging is enable, full is "Full GC".

Q26: What is Perm Gen space in the Java memory heap?

Response flags: Used to store class meta data.

Q27: In Java 8 the Perm Gen space was replace with what?

Response flags: Metaspace.

Q28: Explain the -Xmx and -Xms paramaters of the JVM?

Response flags: JVM argument -Xmx defines the maximum heap size. The arg -Xms defines the initial heap size.

Q29: When does an Object becomes eligible for garbage collection in Java?

Response flags: No more active references to the object, or not reachable by any live thread.

Q30: If a production web app is not responding, how can you figure out what is wrong?

Response flags: Broad question to allow candidate to display investigation process: what logs to review (load balancers, app servers, DB slow query), what monitoring do we have (disc I/O, memory, paging to disc, CPU load), is there a spike in traffic due to advertising campaign, or DOS attack etc.?