Introduction – Being a Senior C# Developer is not just about writing code that works; it’s about writing code that is performant, scalable, and maintainable. This Year with the evolution of .NET 8 and 9, the interview landscape has shifted from basic syntax to deep
In this post, I have curated 15 high-level questions that I often ask candidates during technical rounds.
Memory Management & Performance
Q1. What is the difference between Span<T> and Memory<T>, and when should you use them?
Answer: Both are used to represent contiguous regions of memory without unnecessary allocations.
- Span<T>: It is a ref struct, meaning it is allocated on the stack. Use it for short-lived synchronous operations (like parsing strings or buffers).
- Memory<T>: It is stored on the managed heap and can be used in async methods where Span<T> is not allowed (because ref structs cannot be captured in async state machines).
Q2. How does the “Pinnable Object Heap (POH)” work in .NET?
Answer: Introduced in .NET 5+, the POH is a dedicated heap for objects that need to be “pinned” (fixed in memory) during Garbage Collection, usually for Interop with unmanaged code. By separating pinned objects, the GC can compact the rest of the heap more efficiently, preventing fragmentation.
Section 2: Concurrency & Asynchrony
Q3. Explain the difference between Task.Run() and Task.Yield().
Answer: * Task.Run(): Queues work to be executed on the Thread Pool. It is used for CPU-bound tasks.
- Task.Yield(): It doesn’t start a new task but “yields” control back to the current context, allowing other pending work to execute before returning to the original task. It’s great for preventing UI thread starvation or long-running loops.
Section 3: Architecture & Design Patterns
Q4. Why is “Clean Architecture” preferred over “Traditional N-Tier Architecture” in modern .NET apps?
Answer: In N-Tier, the UI depends on the Business Layer, which depends on the Database. This makes testing hard. In Clean Architecture, the “Domain” is at the center and has no dependencies. All other layers (Infrastructure, UI) depend on the Domain through interfaces (Dependency Inversion).
Section 4: Advanced Scenarios (Problem Solving)
Q5. How would you handle a memory leak in a .NET application that uses Event Handlers?
Answer: Event handlers often cause “Lapsed Listener” leaks because the publisher holds a reference to the subscriber.
Solution: 1. Always unsubscribe in Dispose().
2. Use Weak Event Patterns.
3. Use anonymous methods carefully to avoid capturing unintended variables.
Section 5: .NET Internals & Garbage Collection
Q6. What is “Garbage Collection (GC) LOH Fragmentation” and how can you mitigate it?
Answer: Objects larger than 85,000 bytes go to the Large Object Heap (LOH). Historically, the LOH was not compacted, leading to “holes” (fragmentation) in memory.
- Mitigation: In modern .NET, you can use GCSettings.LargeObjectHeapCompactionMode = GCLargeObjectHeapCompactionMode.CompactOnce; to force compaction during the next full GC. Also, using ArrayPool<T> helps reuse large arrays instead of allocating new ones.
Q7. Explain the difference between System.Text.Json and Newtonsoft.Json.
Answer: * System.Text.Json: Focuses on performance and security. It is built-in, uses Span<T> for high speed, and results in lower memory allocation.
- Newtonsoft.Json: More feature-rich (like Populating objects or handling complex inheritance).
- Verdict: For modern APIs where performance is key, System.Text.Json is preferred. Use Newtonsoft only for legacy support or highly complex serialization needs.
Section 6: Advanced C# Features
Q8. What are “Required Members” introduced in C# 11?
Answer: The required keyword ensures that a property must be initialized during object creation (via an object initializer). This solves the problem of “null” or “uninitialized” states without needing complex constructors.
Q9. How does IAsyncEnumerable<T> differ from Task<IEnumerable<T>>?
Answer: * Task<IEnumerable<T>>: The entire collection is loaded into memory before the task completes.
- IAsyncEnumerable<T>: It allows you to stream data. You can process each item as it arrives (yield return) without waiting for the whole list. This is much more memory-efficient for large database queries.
Section 7: Security & Scalability
Q10. What is “SQL Injection” in Entity Framework Core, and is it still a threat?
Answer: EF Core uses Parameterized Queries by default (via LINQ), which prevents SQL injection. However, if a developer uses FromSqlRaw or ExecuteSqlRaw with string interpolation instead of parameters, the application becomes vulnerable. Always use FromSqlInterpolated for safety.
Q11. How do you implement “Rate Limiting” in .NET 8?
Answer: .NET 8 has a built-in Rate Limiting Middleware. You can use policies like:
- Fixed Window: X requests per Y seconds.
- Sliding Window: More flexible window.
- Token Bucket: Allows bursts of traffic. It is configured in Program.cs using app.UseRateLimiter().
Section 8: Testing & Maintenance
Q12. What is the difference between “Mocks” and “Stubs” in Unit Testing?
Answer: * Stubs: Provide canned (pre-defined) answers to calls made during the test.
- Mocks: Are more advanced; they not only provide data but also verify that certain methods were called with specific parameters.
Q13. What is the “Sidecar Pattern” in Microservices?
Answer: It involves deploying a helper component (like a logging agent or proxy) alongside your main application container. In .NET, this is common when using Dapr or Service Meshes (like Istio) to handle communication and security without bloating the main app code.
Section 9: Cloud & DevOps
Q14. How do you handle “Secret Management” in a Production .NET App?
Answer: Never store secrets in appsettings.json.
- Local: Use UserSecrets tool.
- Production: Use Azure Key Vault or AWS Secrets Manager. Use the Microsoft.Extensions.Configuration.AzureKeyVault provider to inject secrets directly into the IConfiguration object.
Q15. What are “Minimal APIs” and when should you NOT use them?
Answer: Minimal APIs reduce boilerplate code for small services.
- Use when: Building microservices, small proxies, or simple CRUD apps.
- Avoid when: Your project is huge with complex validation, many filters, and hundreds of endpoints. In such cases, Controller-based APIs offer better organization.