Back-End Development Cheat Sheet 2026
The 30 highest-yield Back-End Development facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
65 questions
90 min time limit
70.00% to pass
- Which of the following is a constraint of REST architecture? → Statelessness
- What is HTTP caching and which header controls cache duration for browser and CDN caching? → Browser and CDN caching of HTTP responses — controlled by the Cache-Control header
- A word or phrase used to specify which columns should be returned by a query → Select
- What does ACID stand for in database transactions? → Atomicity, Consistency, Isolation, Durability
- A broad view of a database showing all its tables and connections. → Schema
- What does 'idempotency' mean in the context of a message consumer? → Processing the same message multiple times produces the same result as processing it once
- What is the purpose of message durability in a message broker? → Ensuring messages survive broker restarts by persisting them to disk
- A set of data spanning all rows in a table with the same datatype (records) → Column
- What HTTP status code should a REST API return when a resource is successfully created? → 201 Created
- What is the best way to prevent SQL injection in a back-end application? → Using parameterized queries or prepared statements
- In REST API design, what is the correct URL pattern for retrieving a specific user by ID? → /users/5
- What is 'event sourcing' in back-end architecture? → Storing all state changes as an ordered, immutable sequence of events
- What is JWT and what is it commonly used for in back-end applications? → JSON Web Token — used for stateless authentication and authorization
- What is the difference between authentication and authorization? → Authentication verifies identity; authorization determines permissions
- What is the purpose of environment variables in back-end application security? → To store sensitive configuration like API keys and passwords outside of source code
- What does HATEOAS stand for in REST API design? → Hypertext As The Engine Of Application State
- What is CQRS (Command Query Responsibility Segregation)? → A pattern that separates the model for writing data (commands) from reading data (queries)
- What does SQL injection attack involve? → Inserting malicious SQL code into input fields to manipulate database queries
- Which HTTP status code indicates that the client is not authorized to access a resource (authentication required)? → 401 Unauthorized
- In Apache Kafka, what is a 'partition'? → An ordered, immutable sequence of messages within a topic
- What routing behavior does RabbitMQ's 'direct exchange' provide? → It routes messages to queues whose binding key exactly matches the message routing key
- What is a refresh token and how does it work alongside an access token? → A long-lived token used to obtain new short-lived access tokens without re-authentication
- What does CORS stand for and why is it important in REST APIs? → Cross-Origin Resource Sharing — controls which domains can access the API
- Describe a database. → A structured collection of data
- What is denormalization and when is it used? → Intentionally introducing redundancy into a database schema to improve read performance
- What is rendering on a server? → The process of generating HTML on the server and sending it to the client
- In REST API versioning, which approach embeds the version number in the URL path? → URI versioning
- Which SQL command is employed to retrieve data from a database? → Select
- What is a message queue primarily used for in back-end systems? → Decoupling services and enabling asynchronous communication
- What hashing algorithm is recommended for storing passwords and why? → bcrypt or Argon2 — they are slow by design and include salting
Turn these facts into recall: