Rejected a Program Manager Position at Microsoft Dublin – My Successful Interview at Microsoft | Svetlin Nakov's Blog
Interview Question 1: You need to architecture the security for a bank software. What shall you do?
There is no exact answer here. This question is about thinking:
follow the existing standards in the banking sectors, establish global security policy, secure the network infrastructure, secure the application servers, secure the databases, establish auditing policy, securing the operators’ workstations, secure the Internet and mobile banking portal, etc. Think about authentication (smart cards), authorization, secure protocols, etc.
Interview Question 1: You need to architecture the security for a bank software. What shall you do?
There is no exact answer here. This question is about thinking:
follow the existing standards in the banking sectors, establish global security policy, secure the network infrastructure, secure the application servers, secure the databases, establish auditing policy, securing the operators’ workstations, secure the Internet and mobile banking portal, etc. Think about authentication (smart cards), authorization, secure protocols, etc.
Interview Question 3: What is the difference between black box and white box testing?
Black box testing is testing without seeing the code. Just looking for incorrect behaviour.
White box testing is about inspecting the code and guessing what can go wrong with it. Look inside arrays (border problems), loops (off by 1 problems), pointers, memory management (allocate / free memory), etc.
Interview Question 4: What is cross-site scripting (XSS)?
In Web application XSS is when text coming from the user is printed in the HTML document without being escaped. This can cause injecting JavaScript code in the client’s web browser, accessing the session cookies, logging keyboard, and sensitive data (like credit card numbers).
Interview Question 5: What is SQL injection?
SQL injection is vulnerability comming from dynamic SQL command text created by concatenating strings with an input comming from the user, e.g. string cmd = “SELECT * from USERS where LOGIN='” + login + “‘ and PASS='” + password + “‘”. if username has value “‘ OR 1=1 ‘;”, any login / password will work. To avoid SQL injection use parameterized commands or at least SQL escaping.
Interview Question 6: What is the most challengeable issue with multithreading?
Maybe this is the synchronization and avoiding deadlocks.
Interview Question 7: Explain about deadlocks. How to avoid them?
Deadlock arise when 2 or more resources wait for each other. To avoid it, be careful. Allocate resources always in the same order.
Interview Question 8: Do you know some classical synchronization problem?
The most important classical problem is “producer-consumer“. You have several producers and several consumers. Producers produce some kinf of production from time to time and consumer consume the production from time to time. We have limited buffer for the production. When the buffer is full, producers wait until space is freed. When the buffer is empty, the consumers wait until some producers put something inside.
Practical use of the producer-consumer pattern is sending 1 000 000 emails (production) with 25 working threads (consumers).
Interview Question 9: You need to design a large distributed system with Web and mobile front-end. Through the Web customers subscribe for stock quotes (choosing a ticker and time interval) and get notified by SMS at their mobile phones about the price for given tickers and the requested intervals. A web service for getting the price for given ticker is considered already existing.
Use 3-tier architecture (ASP.NET, C# business tier, SQL Server database). Use a queue of tasks in the business tier and a pool of working threads (e.g. 100 threads) that execute the tasks. A task has 2 steps (query for the ticker price and send SMS). These steps are executed synchronously (with reasonable timeout).
We have another thread that performs SQL query in the database to get the subscriptions matching the current time and appending tasks for SMS notification.
We consider the SMS gateway is an external system.
Interview Question 10: How you secure the stock quote notification system?
We need to secure all its parts:
1) The user registration process – need to verify phone number with confirmation code sent by SMS. Need to keep the password with salted hash. Need to keep the communication through HTTPs / SSL.
2) The application server with business logic. Secure the host, put reasonable limitations to avoid flooding the server.
3) Secure the database (e.g. Windows authentication without using passwords).
4) Secure the network (e.g. use IPSEC)
5) Secure the access to the Web service (WS Security).
6) Secure the mobile phone (e.g. sending encrypted SMS messages and decrypt them with a proprietary software running on the phone).
1) The user registration process – need to verify phone number with confirmation code sent by SMS. Need to keep the password with salted hash. Need to keep the communication through HTTPs / SSL.
2) The application server with business logic. Secure the host, put reasonable limitations to avoid flooding the server.
3) Secure the database (e.g. Windows authentication without using passwords).
4) Secure the network (e.g. use IPSEC)
5) Secure the access to the Web service (WS Security).
6) Secure the mobile phone (e.g. sending encrypted SMS messages and decrypt them with a proprietary software running on the phone).
Interview Question 11: How you write a distributed Web crawler (Web spider)? Think about Windows Live Search which crawls the Internet every day.
You have a queue of URLs to be processed and asynchronous sockets that process the URLs in the queue. Each processing has several states and you describe them in a state machine. Using threads with blocking sockets will not scale. You can still use multiple threads if you have multiple CPUs. The Web crawler should be stateleass and keep its state in the DB. This will allow good scalability.
A big problem is how to distribute the database. It is very, very large database. The key here is to use partitioning, e.g. by site domain. Take the site domain, compute a hash code and distribute the data between the DB nodes based on the hash code. No database server can store all the pages in Internet, so you should use thousands of DB servers and partitioning.
Interview Question 12: You have a set of pairs of characters that gives a partial ordering between the characters. Each pair (a, b) means that a should be before b. Write a program that displays a sequence of characters that keeps the partial ordering (topological sorting).
We have 2 algorithms:
1) Calculate the number of the direct predecessors for each character. Find a character with no predecessors, print it and remove it. Removing reduces the number of predecessors for all its children. Repeat until all characters are printed. If you find a situation where every character has at least 1 predecessor, this means a loop inside the graph (print “no solution”). Use Dictionary<string, int> for keeping the number of predecessors for each character. Use a Dictionary<string, List<char>> to keep the children for each character. Use PriorityQueue<char, int> to keep the characters by usign their number of predecessors as priority. The running time will be O(max(N*log N, M)) where N is the number of characters and M is the number of pairs.
2) Create a graph from the pairs. Use recursive DFS traversal starting from a random vertice and print the vertices when returning from the recursion. Repeat the above until finished. The topological sorting will be printed in reversed order. The running time is O(N + M).
1) Calculate the number of the direct predecessors for each character. Find a character with no predecessors, print it and remove it. Removing reduces the number of predecessors for all its children. Repeat until all characters are printed. If you find a situation where every character has at least 1 predecessor, this means a loop inside the graph (print “no solution”). Use Dictionary<string, int> for keeping the number of predecessors for each character. Use a Dictionary<string, List<char>> to keep the children for each character. Use PriorityQueue<char, int> to keep the characters by usign their number of predecessors as priority. The running time will be O(max(N*log N, M)) where N is the number of characters and M is the number of pairs.
2) Create a graph from the pairs. Use recursive DFS traversal starting from a random vertice and print the vertices when returning from the recursion. Repeat the above until finished. The topological sorting will be printed in reversed order. The running time is O(N + M).
Interview Question 13:
You are given a coconut. You have large building (n floors). If you throw the coconut from the first floor, it can be broken or not. If not you can throw it from the second floor. With n attempts you can find the maximal floor keeping the coconut intact.
You are given a coconut. You have large building (n floors). If you throw the coconut from the first floor, it can be broken or not. If not you can throw it from the second floor. With n attempts you can find the maximal floor keeping the coconut intact.
Now you have 2 coconuts. How many attempts you will need to find the maximal floor?
It is a puzzle-like problem. You can use the first coconut and throw it from floors: sqrt(n), 2*sqrt(n), …, sqrt(n) * sqrt(n). This will take sqrt(n) attempts. After that you will have an interval of sqrt(n) floors that can be attempted sequentially with the second coconut. It takes totally 2*sqrt(n) attempts.
Interview Question 14: You have 1000 campaigns for advertisements. For each of them you have the returns of investments for every day in a fixed period of time in the past (e.g. 1 year). The goal is to visualize all the campaigns in a single graphics or different UI form so the user can easily see which campaigns are most effective.
If you visualize only one campaign, you can use a classical bar-chart or pie-chart to show the efficiency at weekly or monthly basis. If you visualize all campaigns for a fixed date, week or month, you can also use classical bar-chart or pie-chart. The problem is how to combine the above.
One solution is to use a bar for each campaign and use different colors for each week in each bar. For example the first week is black, followed by the second week, which is 90% black, followed by the third week which is 80% black, etc. Finally we will have a sequence of bars and the most dark bars will shows best campaigns while the most bright bars will show the worst campaings.
Read full article from Rejected a Program Manager Position at Microsoft Dublin – My Successful Interview at Microsoft | Svetlin Nakov's Blog