Back-End Development Cheat Sheet 2026

The 30 highest-yield Back-End Development facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

65 questions
90 min time limit
70.00% to pass
  1. Which of the following is a constraint of REST architecture? Statelessness
  2. What is HTTP caching and which header controls cache duration for browser and CDN caching? Browser and CDN caching of HTTP responses — controlled by the Cache-Control header
  3. A word or phrase used to specify which columns should be returned by a query Select
  4. What does ACID stand for in database transactions? Atomicity, Consistency, Isolation, Durability
  5. A broad view of a database showing all its tables and connections. Schema
  6. What does 'idempotency' mean in the context of a message consumer? Processing the same message multiple times produces the same result as processing it once
  7. What is the purpose of message durability in a message broker? Ensuring messages survive broker restarts by persisting them to disk
  8. A set of data spanning all rows in a table with the same datatype (records) Column
  9. What HTTP status code should a REST API return when a resource is successfully created? 201 Created
  10. What is the best way to prevent SQL injection in a back-end application? Using parameterized queries or prepared statements
  11. In REST API design, what is the correct URL pattern for retrieving a specific user by ID? /users/5
  12. What is 'event sourcing' in back-end architecture? Storing all state changes as an ordered, immutable sequence of events
  13. What is JWT and what is it commonly used for in back-end applications? JSON Web Token — used for stateless authentication and authorization
  14. What is the difference between authentication and authorization? Authentication verifies identity; authorization determines permissions
  15. What is the purpose of environment variables in back-end application security? To store sensitive configuration like API keys and passwords outside of source code
  16. What does HATEOAS stand for in REST API design? Hypertext As The Engine Of Application State
  17. What is CQRS (Command Query Responsibility Segregation)? A pattern that separates the model for writing data (commands) from reading data (queries)
  18. What does SQL injection attack involve? Inserting malicious SQL code into input fields to manipulate database queries
  19. Which HTTP status code indicates that the client is not authorized to access a resource (authentication required)? 401 Unauthorized
  20. In Apache Kafka, what is a 'partition'? An ordered, immutable sequence of messages within a topic
  21. What routing behavior does RabbitMQ's 'direct exchange' provide? It routes messages to queues whose binding key exactly matches the message routing key
  22. What is a refresh token and how does it work alongside an access token? A long-lived token used to obtain new short-lived access tokens without re-authentication
  23. What does CORS stand for and why is it important in REST APIs? Cross-Origin Resource Sharing — controls which domains can access the API
  24. Describe a database. A structured collection of data
  25. What is denormalization and when is it used? Intentionally introducing redundancy into a database schema to improve read performance
  26. What is rendering on a server? The process of generating HTML on the server and sending it to the client
  27. In REST API versioning, which approach embeds the version number in the URL path? URI versioning
  28. Which SQL command is employed to retrieve data from a database? Select
  29. What is a message queue primarily used for in back-end systems? Decoupling services and enabling asynchronous communication
  30. What hashing algorithm is recommended for storing passwords and why? bcrypt or Argon2 — they are slow by design and include salting