REST vs GraphQL vs gRPC MCQ 60 Tests With Answers (2026)
PerfectNotes TeamUpdated: May 2026~15 min practice 60 Questions · 3 Levels 60 Questions · 3 Levels
REST, GraphQL, and gRPC represent three distinct paradigms for API design and data exchange, each with unique strengths and trade-offs. Understanding these architectures is critical for backend engineers, full-stack developers, and DevOps professionals building modern, scalable systems.
These questions are organized into three progressive difficulty levels of 20 questions each: Basics (covering definitions, HTTP verbs, payload formats, and basic endpoints), Concepts (covering N+1 problems, streaming types, browser caching, and versioning patterns), and Advanced (covering gRPC channels, query complexity DoS attacks, HTTP/2 frames, schema federation, and interceptor hooks). Each question includes a verified, in-depth explanation to reinforce learning.
Practice in Study Mode to reveal answers and detailed explanations instantly, or use Exam Mode for timed testing and real-time scoring to simulate certification environments. The interactive engine tracks your progress and identifies knowledge gaps across API architectures and microservice protocol designs.
Contents
- 1.Basics (20 Questions)Terminology · payload formats · HTTP verbs · endpoints
- 2.Concepts (20 Questions)N+1 problem · HTTP/2 · caching · schema compatibility
- 3.Advanced (20 Questions)gRPC channels · query complexity · federation · interceptors
- 4.Conclusionsummary · next steps · study tips
- 5.Key Takeawaysquick-fire bullet recap of essential facts
- 6.Quick Review Summaryconcept · definition · key fact table
- 7.FAQcommon questions answered
REST vs GraphQL vs gRPC — Basics
1What does the acronym REST stand for in web architecture?
CorrectA: Representational State Transfer
REST (Representational State Transfer) is an architectural style for distributed systems emphasizing statelessness, client-server separation, and uniform interfaces over standard HTTP methods.
IncorrectA: Representational State Transfer
REST (Representational State Transfer) is an architectural style for distributed systems emphasizing statelessness, client-server separation, and uniform interfaces over standard HTTP methods.
2Which tech giant originally developed GraphQL for internal use before open-sourcing it?
CorrectB: Facebook (Meta)
Facebook (now Meta) created GraphQL to improve data fetching efficiency for their internal applications, then open-sourced it in 2015.
IncorrectB: Facebook (Meta)
Facebook (now Meta) created GraphQL to improve data fetching efficiency for their internal applications, then open-sourced it in 2015.
3What is the primary data serialization format used natively by gRPC?
CorrectC: Protocol Buffers (Protobuf)
gRPC uses Protocol Buffers (Protobuf) for serialization, which provides a compact binary format, automatic code generation, and strong versioning guarantees.
IncorrectC: Protocol Buffers (Protobuf)
gRPC uses Protocol Buffers (Protobuf) for serialization, which provides a compact binary format, automatic code generation, and strong versioning guarantees.
4How many HTTP endpoints does a standard GraphQL API expose to clients?
CorrectD: Exactly one unified endpoint
GraphQL uses a single unified endpoint, typically `/graphql`. All queries, mutations, and subscriptions are routed through this single entry point.
IncorrectD: Exactly one unified endpoint
GraphQL uses a single unified endpoint, typically `/graphql`. All queries, mutations, and subscriptions are routed through this single entry point.
5Which foundational transport protocol is strictly required for gRPC to operate?
CorrectA: HTTP/2
gRPC requires HTTP/2 for its advanced streaming and multiplexing capabilities. HTTP/1.1 cannot efficiently support gRPC's design.
IncorrectA: HTTP/2
gRPC requires HTTP/2 for its advanced streaming and multiplexing capabilities. HTTP/1.1 cannot efficiently support gRPC's design.
6What common API problem does GraphQL solve by allowing clients to specify exactly which fields they need?
CorrectB: Over-fetching and under-fetching
GraphQL eliminates over-fetching (requesting unneeded fields) and under-fetching (multiple requests to get all needed data) by allowing clients to specify exact field requirements.
IncorrectB: Over-fetching and under-fetching
GraphQL eliminates over-fetching (requesting unneeded fields) and under-fetching (multiple requests to get all needed data) by allowing clients to specify exact field requirements.
7In a REST API, which HTTP method is conventionally used to completely replace an existing resource?
CorrectC: PUT
PUT replaces the entire resource representation. PATCH applies partial modifications. POST creates new resources.
IncorrectC: PUT
PUT replaces the entire resource representation. PATCH applies partial modifications. POST creates new resources.
8What term describes the operation used to modify or write data to the server in GraphQL?
CorrectD: Mutation
A Mutation in GraphQL handles data modification, similar to POST/PUT/DELETE in REST. Queries handle read operations; Subscriptions handle real-time updates.
IncorrectD: Mutation
A Mutation in GraphQL handles data modification, similar to POST/PUT/DELETE in REST. Queries handle read operations; Subscriptions handle real-time updates.
9Which architecture relies heavily on standard HTTP verbs and treats URLs as identifiers for specific entities?
CorrectA: REST
REST uses HTTP verbs (GET, POST, PUT, DELETE, PATCH) and resource-oriented URLs. This is a core REST principle.
IncorrectA: REST
REST uses HTTP verbs (GET, POST, PUT, DELETE, PATCH) and resource-oriented URLs. This is a core REST principle.
10How does gRPC typically handle the readability of its payload during network transmission?
CorrectB: It transmits a highly compressed binary format, making it unreadable to humans without the schema
gRPC uses Protobuf binary serialization, optimized for speed and size rather than human readability. This requires the .proto schema to understand the payload.
IncorrectB: It transmits a highly compressed binary format, making it unreadable to humans without the schema
gRPC uses Protobuf binary serialization, optimized for speed and size rather than human readability. This requires the .proto schema to understand the payload.
11What is the fundamental rule of "Statelessness" in a RESTful architecture?
CorrectC: Each client request must contain all information necessary for the server to process it
Statelessness means each request contains all context needed to process it. The server does not store client state between requests, improving scalability.
IncorrectC: Each client request must contain all information necessary for the server to process it
Statelessness means each request contains all context needed to process it. The server does not store client state between requests, improving scalability.
12Which technology was initially developed by Google specifically to connect internal microservices with maximum efficiency?
CorrectD: gRPC
Google created gRPC to replace Stubby (their internal RPC system) for high-performance, low-latency microservice communication.
IncorrectD: gRPC
Google created gRPC to replace Stubby (their internal RPC system) for high-performance, low-latency microservice communication.
13In GraphQL, what is the server-side function responsible for fetching the actual data for a specific field?
CorrectA: Resolver
A Resolver is a function that returns the value for a field in the GraphQL schema. The server invokes resolvers to execute queries.
IncorrectA: Resolver
A Resolver is a function that returns the value for a field in the GraphQL schema. The server invokes resolvers to execute queries.
14Which standard HTTP header does a client use in REST to tell the server what data format it expects in return?
CorrectB: Accept
The Accept header specifies the desired response format (e.g., application/json). Content-Type specifies the request payload format.
IncorrectB: Accept
The Accept header specifies the desired response format (e.g., application/json). Content-Type specifies the request payload format.
15What file extension is typically used to define the schema and service interfaces in a gRPC project?
CorrectC: .proto
.proto files define Protocol Buffer message schemas and gRPC service definitions. These files are compiled to generate client and server code.
IncorrectC: .proto
.proto files define Protocol Buffer message schemas and gRPC service definitions. These files are compiled to generate client and server code.
16Which feature of GraphQL allows the server to push real-time updates directly to connected clients?
CorrectD: Subscriptions
GraphQL Subscriptions allow bidirectional communication where the server pushes updates to clients in real-time, typically over WebSocket.
IncorrectD: Subscriptions
GraphQL Subscriptions allow bidirectional communication where the server pushes updates to clients in real-time, typically over WebSocket.
17In a REST architecture, what does an HTTP "404" status code explicitly signify?
CorrectA: The requested resource does not exist on the server
404 Not Found indicates the requested resource does not exist. 400 indicates bad request; 401 indicates unauthorized; 500 indicates server error.
IncorrectA: The requested resource does not exist on the server
404 Not Found indicates the requested resource does not exist. 400 indicates bad request; 401 indicates unauthorized; 500 indicates server error.
18Why are Protocol Buffers generally faster to transmit over a network than JSON?
CorrectB: They serialize into a compact binary format that avoids string parsing overhead
Protobuf binary serialization is more compact than text-based JSON, requires no string parsing, and avoids whitespace overhead.
IncorrectB: They serialize into a compact binary format that avoids string parsing overhead
Protobuf binary serialization is more compact than text-based JSON, requires no string parsing, and avoids whitespace overhead.
19What does it mean for an HTTP GET request to be "idempotent" in REST?
CorrectC: Making the identical request multiple times produces the same result without changing the server state
Idempotent requests produce the same result and side effects regardless of how many times they are executed. GET is idempotent; POST is not.
IncorrectC: Making the identical request multiple times produces the same result without changing the server state
Idempotent requests produce the same result and side effects regardless of how many times they are executed. GET is idempotent; POST is not.
20In gRPC architecture, what is the generated "stub"?
CorrectD: The local client-side object that provides the same methods as the remote service
A gRPC stub is auto-generated client code that provides local method calls corresponding to remote RPC methods, abstracting the network details.
IncorrectD: The local client-side object that provides the same methods as the remote service
A gRPC stub is auto-generated client code that provides local method calls corresponding to remote RPC methods, abstracting the network details.
REST vs GraphQL vs gRPC — Concepts
1How does gRPC handle the streaming of data compared to traditional REST?
CorrectA: It supports unary, server-streaming, client-streaming, and bidirectional streaming natively
gRPC supports four communication patterns: unary, server streaming, client streaming, and bidirectional streaming—all over HTTP/2.
IncorrectA: It supports unary, server-streaming, client-streaming, and bidirectional streaming natively
gRPC supports four communication patterns: unary, server streaming, client streaming, and bidirectional streaming—all over HTTP/2.
2What is a significant architectural challenge when implementing HTTP-level caching for a GraphQL API?
CorrectB: Since almost all queries are routed through a single POST endpoint, traditional URL-based HTTP caching mechanisms are ineffective
GraphQL uses a single POST endpoint for all queries, making standard HTTP caching (which keys on URLs) ineffective. Custom caching strategies are needed.
IncorrectB: Since almost all queries are routed through a single POST endpoint, traditional URL-based HTTP caching mechanisms are ineffective
GraphQL uses a single POST endpoint for all queries, making standard HTTP caching (which keys on URLs) ineffective. Custom caching strategies are needed.
3In REST maturity models (like the Richardson Maturity Model), what is HATEOAS?
CorrectC: The principle that responses should include hypermedia links to guide the client to related actions
HATEOAS (Hypermedia As The Engine Of Application State) means responses include links guiding clients to valid next actions, enabling true RESTfulness.
IncorrectC: The principle that responses should include hypermedia links to guide the client to related actions
HATEOAS (Hypermedia As The Engine Of Application State) means responses include links guiding clients to valid next actions, enabling true RESTfulness.
4What is the "N+1 problem" frequently encountered in naive GraphQL implementations?
CorrectD: A performance bottleneck where fetching a list of items triggers an additional database query for every individual item's nested relations
If a resolver naively queries the database for each nested field without batching, fetching 100 users with addresses triggers 101 database queries instead of 2.
IncorrectD: A performance bottleneck where fetching a list of items triggers an additional database query for every individual item's nested relations
If a resolver naively queries the database for each nested field without batching, fetching 100 users with addresses triggers 101 database queries instead of 2.
5How does Protocol Buffers (protobuf) ensure backward and forward compatibility when a schema changes?
CorrectA: By utilizing unique integer tags assigned to each field rather than relying on field names
Protobuf uses integer field tags (not names) for serialization. New/removed fields do not break compatibility if tag numbers are preserved.
IncorrectA: By utilizing unique integer tags assigned to each field rather than relying on field names
Protobuf uses integer field tags (not names) for serialization. New/removed fields do not break compatibility if tag numbers are preserved.
6Which HTTP method is strictly required by the gRPC specification for all RPC calls?
CorrectB: POST
gRPC uses HTTP/2 POST for all RPC invocations, including streaming calls.
IncorrectB: POST
gRPC uses HTTP/2 POST for all RPC invocations, including streaming calls.
7In a REST API, what is the semantic difference between the PUT and PATCH methods?
CorrectC: PUT replaces the entire resource representation, whereas PATCH applies partial modifications to the resource
PUT replaces the full resource; PATCH applies partial updates. Pure REST distinguishes these semantics for idempotency and clarity.
IncorrectC: PUT replaces the entire resource representation, whereas PATCH applies partial modifications to the resource
PUT replaces the full resource; PATCH applies partial updates. Pure REST distinguishes these semantics for idempotency and clarity.
8How does GraphQL handle error reporting when a query successfully retrieves some fields but fails on others?
CorrectD: It returns an HTTP 200 status code with a JSON payload containing both a "data" object for successful fields and an "errors" array
GraphQL returns 200 OK with both partial data and errors, allowing clients to display available data while noting issues.
IncorrectD: It returns an HTTP 200 status code with a JSON payload containing both a "data" object for successful fields and an "errors" array
GraphQL returns 200 OK with both partial data and errors, allowing clients to display available data while noting issues.
9Which feature of HTTP/2 is most critical to gRPC's ability to handle multiple concurrent calls over a single TCP connection?
CorrectA: Multiplexing via streams and frames
HTTP/2 multiplexing allows multiple independent streams on a single connection, enabling gRPC to handle concurrent RPC calls efficiently.
IncorrectA: Multiplexing via streams and frames
HTTP/2 multiplexing allows multiple independent streams on a single connection, enabling gRPC to handle concurrent RPC calls efficiently.
10What is a "GraphQL Introspection" query primarily used for?
CorrectB: Allowing a client to query the server for the details of its schema and supported types
Introspection lets clients query the schema dynamically, enabling tools like GraphiQL to provide auto-completion and documentation.
IncorrectB: Allowing a client to query the server for the details of its schema and supported types
Introspection lets clients query the schema dynamically, enabling tools like GraphiQL to provide auto-completion and documentation.
11Why is load balancing a gRPC application often more complex than load balancing a standard REST API?
CorrectC: Because HTTP/2 utilizes persistent connections, Layer 4 load balancers send all traffic to a single backend pod unless Layer 7 load balancing is implemented
gRPC's persistent HTTP/2 connections require Layer 7 (application-level) load balancing; simple Layer 4 routing sends entire connections to one backend.
IncorrectC: Because HTTP/2 utilizes persistent connections, Layer 4 load balancers send all traffic to a single backend pod unless Layer 7 load balancing is implemented
gRPC's persistent HTTP/2 connections require Layer 7 (application-level) load balancing; simple Layer 4 routing sends entire connections to one backend.
12When comparing payload size and parsing speed in high-throughput microservices, how does gRPC generally compare to GraphQL?
CorrectD: gRPC is faster and smaller due to highly efficient binary serialization and deserialization without string parsing overhead
gRPC's Protobuf binary format is significantly smaller and faster to parse than GraphQL's JSON, making it ideal for high-throughput scenarios.
IncorrectD: gRPC is faster and smaller due to highly efficient binary serialization and deserialization without string parsing overhead
gRPC's Protobuf binary format is significantly smaller and faster to parse than GraphQL's JSON, making it ideal for high-throughput scenarios.
13In RESTful API design, how should a client safely handle a situation where a network timeout occurs during a POST request to create a payment?
CorrectA: The client must verify the status via a GET request or utilize an idempotency key, because POST is not inherently idempotent
POST is not idempotent. On timeout, clients should check status or use idempotency keys to prevent duplicate payments.
IncorrectA: The client must verify the status via a GET request or utilize an idempotency key, because POST is not inherently idempotent
POST is not idempotent. On timeout, clients should check status or use idempotency keys to prevent duplicate payments.
14Which tool is commonly used to combat the N+1 problem in GraphQL servers by batching and caching database requests?
CorrectB: DataLoader
DataLoader batches database requests within a request cycle, converting N+1 queries into efficient batch queries.
IncorrectB: DataLoader
DataLoader batches database requests within a request cycle, converting N+1 queries into efficient batch queries.
15What is a defining characteristic of gRPC's "Deadline/Timeout" feature?
CorrectC: It allows a client to specify how long they are willing to wait for an RPC to complete before the request is automatically canceled across the entire microservice chain
gRPC deadlines propagate across service chains. If a deadline is exceeded, all downstream requests are automatically canceled.
IncorrectC: It allows a client to specify how long they are willing to wait for an RPC to complete before the request is automatically canceled across the entire microservice chain
gRPC deadlines propagate across service chains. If a deadline is exceeded, all downstream requests are automatically canceled.
16How does REST typically handle API versioning in a production environment?
CorrectD: By embedding the version number in the URL path (e.g., /api/v1/users) or via custom HTTP Accept headers
REST versioning uses URL paths (/v1/, /v2/) or Accept headers. Both preserve backward compatibility and allow gradual transitions.
IncorrectD: By embedding the version number in the URL path (e.g., /api/v1/users) or via custom HTTP Accept headers
REST versioning uses URL paths (/v1/, /v2/) or Accept headers. Both preserve backward compatibility and allow gradual transitions.
17How does GraphQL recommend handling API versioning and deprecations over time?
CorrectA: By avoiding versioning entirely, instead adding new fields and explicitly marking old fields with the @deprecated directive
GraphQL philosophy avoids versioning. Deprecated fields are marked with @deprecated, warnings are shown to clients, and old fields remain queryable.
IncorrectA: By avoiding versioning entirely, instead adding new fields and explicitly marking old fields with the @deprecated directive
GraphQL philosophy avoids versioning. Deprecated fields are marked with @deprecated, warnings are shown to clients, and old fields remain queryable.
18Which gRPC concept allows a server to return trailers (metadata) even if the RPC call fails with an error?
CorrectB: The grpc-status and grpc-message HTTP/2 headers
gRPC sends trailers (metadata) after the message body, including grpc-status and grpc-message even on failed calls.
IncorrectB: The grpc-status and grpc-message HTTP/2 headers
gRPC sends trailers (metadata) after the message body, including grpc-status and grpc-message even on failed calls.
19What architectural constraint prevents a strict REST API from maintaining an active, persistent session state for a specific client on the server?
CorrectC: The Statelessness constraint
REST requires statelessness—each request contains all context. Persistent sessions violate REST purity and reduce scalability.
IncorrectC: The Statelessness constraint
REST requires statelessness—each request contains all context. Persistent sessions violate REST purity and reduce scalability.
20In GraphQL, what is a "Fragment"?
CorrectD: A reusable set of fields that can be included in multiple queries to reduce duplication
Fragments define reusable field selections, reducing query duplication and improving maintainability.
IncorrectD: A reusable set of fields that can be included in multiple queries to reduce duplication
Fragments define reusable field selections, reducing query duplication and improving maintainability.
REST vs GraphQL vs gRPC — Advanced
1In a gRPC environment, what is the explicit purpose of a "Channel"?
CorrectA: It represents a long-lived, virtual connection to an endpoint, managing the underlying HTTP/2 connections and handling connection backoff and recovery
A Channel manages the connection lifecycle, connection pooling, and automatic reconnection in gRPC.
IncorrectA: It represents a long-lived, virtual connection to an endpoint, managing the underlying HTTP/2 connections and handling connection backoff and recovery
A Channel manages the connection lifecycle, connection pooling, and automatic reconnection in gRPC.
2How does an attacker typically execute a "Denial of Service (DoS) via Query Complexity" attack against a GraphQL server?
CorrectB: By submitting a deeply nested, exponentially expanding query that forces the server to execute thousands of complex database joins
Attackers craft deeply nested queries that exponentially multiply resolver execution, exhausting CPU and crashing the server.
IncorrectB: By submitting a deeply nested, exponentially expanding query that forces the server to execute thousands of complex database joins
Attackers craft deeply nested queries that exponentially multiply resolver execution, exhausting CPU and crashing the server.
3What is a common strategy to mitigate deep nesting attacks in GraphQL?
CorrectC: Implementing Maximum Query Depth analysis and Query Cost/Complexity analysis algorithms before execution
Cost/complexity analysis rejects expensive queries before execution, preventing DoS attacks.
IncorrectC: Implementing Maximum Query Depth analysis and Query Cost/Complexity analysis algorithms before execution
Cost/complexity analysis rejects expensive queries before execution, preventing DoS attacks.
4Which HTTP/2 frame type is utilized by gRPC to actively stream binary data chunks between the client and server?
CorrectD: DATA frames
DATA frames carry the actual message payload. HEADERS frames carry metadata; SETTINGS frames configure connection parameters.
IncorrectD: DATA frames
DATA frames carry the actual message payload. HEADERS frames carry metadata; SETTINGS frames configure connection parameters.
5In advanced REST security, what is the purpose of an "ETag" HTTP header?
CorrectA: To provide a resource version identifier utilized for conditional requests and optimistic concurrency control
ETags enable conditional GET requests (If-None-Match). If the resource hasn't changed, the server returns 304 Not Modified.
IncorrectA: To provide a resource version identifier utilized for conditional requests and optimistic concurrency control
ETags enable conditional GET requests (If-None-Match). If the resource hasn't changed, the server returns 304 Not Modified.
6When defining a gRPC service using Protobuf, what does the `repeated` keyword signify within a message definition?
CorrectB: The field acts as an array or list, allowing zero or more elements of that type
repeated fields in Protobuf represent arrays or lists, allowing multiple elements of the same type.
IncorrectB: The field acts as an array or list, allowing zero or more elements of that type
repeated fields in Protobuf represent arrays or lists, allowing multiple elements of the same type.
7What is the "Schema Stitching" or "Schema Federation" pattern used for in enterprise GraphQL deployments?
CorrectC: To combine multiple underlying GraphQL APIs from different microservices into a single, unified gateway graph for the client
Schema Federation enables composition of multiple GraphQL services into one schema via Apollo Federation or Schema Stitching.
IncorrectC: To combine multiple underlying GraphQL APIs from different microservices into a single, unified gateway graph for the client
Schema Federation enables composition of multiple GraphQL services into one schema via Apollo Federation or Schema Stitching.
8Why is building a public-facing API for external developers often easier with REST than with gRPC?
CorrectD: gRPC strictly requires clients to possess the compiled .proto stubs and an HTTP/2 compatible client, introducing a steeper adoption curve
REST uses standard HTTP and JSON, requiring only a web browser. gRPC requires compiled stubs and HTTP/2 support, making adoption harder.
IncorrectD: gRPC strictly requires clients to possess the compiled .proto stubs and an HTTP/2 compatible client, introducing a steeper adoption curve
REST uses standard HTTP and JSON, requiring only a web browser. gRPC requires compiled stubs and HTTP/2 support, making adoption harder.
9How do gRPC "Interceptors" function within the lifecycle of an RPC call?
CorrectA: They act as middleware hooks that can intercept, examine, or modify requests and responses on both the client and server sides
Interceptors are middleware that can modify requests/responses, inject logging, add authentication, etc.
IncorrectA: They act as middleware hooks that can intercept, examine, or modify requests and responses on both the client and server sides
Interceptors are middleware that can modify requests/responses, inject logging, add authentication, etc.
10In GraphQL, how do "Interfaces" and "Unions" differ when defining abstract types?
CorrectB: Interfaces require implementing types to share specific fields, whereas Unions allow completely disparate object types to be returned together without shared fields
Interfaces enforce shared fields on implementing types. Unions allow any object types together without shared requirements.
IncorrectB: Interfaces require implementing types to share specific fields, whereas Unions allow completely disparate object types to be returned together without shared fields
Interfaces enforce shared fields on implementing types. Unions allow any object types together without shared requirements.
11What is the primary operational advantage of utilizing "gRPC-Web" in a browser application?
CorrectC: It provides a translation proxy that allows browser applications, which lack raw HTTP/2 framing control, to communicate with gRPC backend services
gRPC-Web uses Envoy proxies to translate HTTP/1.1 requests into HTTP/2 gRPC calls, enabling browser clients.
IncorrectC: It provides a translation proxy that allows browser applications, which lack raw HTTP/2 framing control, to communicate with gRPC backend services
gRPC-Web uses Envoy proxies to translate HTTP/1.1 requests into HTTP/2 gRPC calls, enabling browser clients.
12According to the strict definition of REST, what is a "Hypermedia-Driven" application?
CorrectD: An application where the client enters via a single URL and discovers all available actions dynamically through hypermedia links provided in the server's responses
True REST (Level 3 in Richardson Maturity Model) is hypermedia-driven—clients discover actions via links.
IncorrectD: An application where the client enters via a single URL and discovers all available actions dynamically through hypermedia links provided in the server's responses
True REST (Level 3 in Richardson Maturity Model) is hypermedia-driven—clients discover actions via links.
13What is "Protobuf Field Number" evolution, and why is it critical in gRPC?
CorrectA: It relies on immutable integer tags to serialize/deserialize data, meaning changing a field's number will break compatibility with older clients
Protobuf field numbers are immutable tags. Changing them breaks wire compatibility; adding new fields with new numbers preserves compatibility.
IncorrectA: It relies on immutable integer tags to serialize/deserialize data, meaning changing a field's number will break compatibility with older clients
Protobuf field numbers are immutable tags. Changing them breaks wire compatibility; adding new fields with new numbers preserves compatibility.
14How does Apollo Server's "Automatic Persisted Queries" (APQ) optimize GraphQL performance?
CorrectB: The client sends a cryptographic hash of the query; if the server recognizes the hash, it executes the cached query without requiring the client to transmit the massive query string
APQ reduces bandwidth by allowing clients to send short hashes instead of lengthy query strings.
IncorrectB: The client sends a cryptographic hash of the query; if the server recognizes the hash, it executes the cached query without requiring the client to transmit the massive query string
APQ reduces bandwidth by allowing clients to send short hashes instead of lengthy query strings.
15Which limitation of HTTP/1.1 directly motivated the development of gRPC over HTTP/2?
CorrectC: Head-of-line blocking, which forces requests to be processed sequentially on a single connection, leading to latency in microservice communication
HTTP/1.1 head-of-line blocking caused latency. HTTP/2 multiplexing solved this, enabling gRPC efficiency.
IncorrectC: Head-of-line blocking, which forces requests to be processed sequentially on a single connection, leading to latency in microservice communication
HTTP/1.1 head-of-line blocking caused latency. HTTP/2 multiplexing solved this, enabling gRPC efficiency.
16In GraphQL, what is an "AST" (Abstract Syntax Tree) in the context of query execution?
CorrectD: A deeply parsed, hierarchical representation of the client's query string that the server evaluates to execute resolvers
GraphQL parses queries into an AST, then traverses it to invoke resolvers and build the response.
IncorrectD: A deeply parsed, hierarchical representation of the client's query string that the server evaluates to execute resolvers
GraphQL parses queries into an AST, then traverses it to invoke resolvers and build the response.
17How does gRPC handle flow control for massive data streams?
CorrectA: It utilizes HTTP/2's native WINDOW_UPDATE frames, preventing a fast sender from overwhelming a slow receiver by tracking available buffer space
HTTP/2 WINDOW_UPDATE frames prevent buffer overflow in streaming scenarios.
IncorrectA: It utilizes HTTP/2's native WINDOW_UPDATE frames, preventing a fast sender from overwhelming a slow receiver by tracking available buffer space
HTTP/2 WINDOW_UPDATE frames prevent buffer overflow in streaming scenarios.
18What is the "BFF" (Backend-for-Frontend) pattern, and why is GraphQL heavily utilized within it?
CorrectB: A pattern where an intermediate layer aggregates data from multiple microservices and tailors the payload specifically for a specific client; GraphQL excels here by allowing precise field selection
BFF uses GraphQL to let frontends request only needed data from aggregated backends, reducing bandwidth and complexity.
IncorrectB: A pattern where an intermediate layer aggregates data from multiple microservices and tailors the payload specifically for a specific client; GraphQL excels here by allowing precise field selection
BFF uses GraphQL to let frontends request only needed data from aggregated backends, reducing bandwidth and complexity.
19In advanced REST security, what is the purpose of a "MAC" (Message Authentication Code) or HMAC on a request?
CorrectC: To provide cryptographic proof of both data integrity and authenticity, ensuring the payload was not tampered with in transit
HMAC (using a shared secret) verifies that the payload has not been modified and confirms the sender's identity.
IncorrectC: To provide cryptographic proof of both data integrity and authenticity, ensuring the payload was not tampered with in transit
HMAC (using a shared secret) verifies that the payload has not been modified and confirms the sender's identity.
20What is a "Custom Scalar" in a GraphQL schema?
CorrectD: A user-defined data type (like a Date or URL) that requires custom serialization and parsing logic on the server
Custom scalars allow types like Date, DateTime, or JSON that require special serialization beyond standard scalars.
IncorrectD: A user-defined data type (like a Date or URL) that requires custom serialization and parsing logic on the server
Custom scalars allow types like Date, DateTime, or JSON that require special serialization beyond standard scalars.
Conclusion: Choosing the Right API Architecture
REST, GraphQL, and gRPC are not competing paradigms but complementary approaches designed for different use cases. REST excels at simplicity, caching, and stateless HTTP semantics — ideal for public APIs and web services. GraphQL provides a flexible query language allowing clients to request exactly what they need, reducing bandwidth and over-fetching — perfect for client-driven applications and mobile clients. gRPC offers binary efficiency, streaming, bidirectional communication, and high performance — ideal for microservices, internal APIs, and latency-sensitive systems.
Decision framework: Start with REST for simplicity and HTTP compatibility. Adopt GraphQL when client-driven queries and precise data fetching become critical (mobile, diverse clients). Migrate to or complement with gRPC for internal microservices, high-frequency APIs, and bi-directional streaming. Modern architectures often blend all three: public-facing REST APIs, GraphQL middleware layers for aggregation, and gRPC for inter-service communication.
Mastering these 60 MCQs equips you to architect API layers strategically, understand trade-offs between simplicity/flexibility/performance, and make informed decisions for backend systems. Good luck on your API architecture journey! 🚀
📌 KEY TAKEAWAYS — REST VS GRAPHQL VS GRPC
- REST — HTTP verbs (GET, POST, PUT, DELETE) on resource endpoints. Stateless, cacheable, simple mental model.
- GraphQL — Query language for exact data. Single endpoint, POST requests, complex queries reduce bandwidth.
- gRPC — RPC framework using Protocol Buffers over HTTP/2. Binary protocol, streaming-native, high performance.
- Over-/Under-fetching — REST: fixed payloads (clients get unnecessary fields or need multiple requests). GraphQL: clients specify exact fields (solves both). gRPC: typed messages (no extra fields).
- Caching — REST: HTTP caching layer-native. GraphQL: requires client-side cache normalization or server-side solutions. gRPC: manual caching or TTL headers.
- HTTP versions — REST: HTTP/1.1 (multiple TCP connections). GraphQL: HTTP/1.1+ (single connection). gRPC: HTTP/2 (true multiplexing).
- Streaming — REST: polling or WebSockets. GraphQL: subscriptions (over WebSocket). gRPC: first-class streaming (server, client, bidirectional).
- Browser support — REST: native (XHR, Fetch API). GraphQL: needs client library. gRPC: requires gRPC-Web or other adapters.
- Versioning — REST: URL paths, headers (v1/, api-version). GraphQL: schema evolution (add fields, deprecate). gRPC: backward-compatible message evolution.
- Bandwidth efficiency — REST: varies (JSON verbose). GraphQL: client-driven (less data transmitted). gRPC: binary format (most efficient).
Quick Review & Summary
Use this table for quick API architecture comparison before or after attempting the questions above.
| Aspect | REST | GraphQL | gRPC |
|---|---|---|---|
| Protocol | HTTP 1.1+ | HTTP 1.1+ (ideally 2) | HTTP/2 |
| Serialization | JSON (text) | JSON (text) | Protocol Buffers (binary) |
| Streaming | Polling/WebSockets | Subscriptions (WebSocket) | Native (server/client/bi) |
| Caching | HTTP cache headers | Client normalization | Custom/TTL |
| Browser Support | Native | Library + transpile | gRPC-Web adapters |
| Learning Curve | Easy (verbs, paths) | Moderate (schema, queries) | Steep (protobuf, codegen) |
| Latency | Moderate | Moderate-high (N+1) | Low (binary, HTTP/2) |
Frequently Asked Questions
Q. What is the key difference between REST and GraphQL?
Q. What is the key difference between GraphQL and gRPC?
Q. Why would you choose gRPC over REST or GraphQL?
Q. What does the N+1 problem mean in GraphQL?
Q. What are these REST vs GraphQL vs gRPC MCQs suitable for?
Q. What is Protocol Buffers (Protobuf)?
Q. What is HTTP/2 and why does gRPC require it?
Q. How do you handle versioning in REST, GraphQL, and gRPC?
Struggling with some questions? Re-read the full Theory Guide: REST vs GraphQL vs gRPC