GraphQL Quiz ( Advanced ) - All Questions
This hard-level GraphQL quiz is designed for senior developers and architects working with complex schemas, performance tuning, security, and large-scale GraphQL systems. It focuses on real-world challenges, edge cases, and interview-level GraphQL knowledge.
Question 1: What is the primary risk of allowing unrestricted GraphQL queries in production?
- Schema mismatch
- Query complexity attacks
- Over-fetching data
- Cache eviction
Explanation: Unrestricted queries can cause denial-of-service via complex queries.
Question 2: Why is query depth limiting important in GraphQL servers?
- To simplify schemas
- To prevent deeply nested expensive queries
- To improve caching
- To avoid schema changes
Explanation: Deep queries can heavily impact performance.
Question 3: What problem does GraphQL federation primarily solve?
- Client-side caching
- Schema composition across services
- Query batching
- Resolver memoization
Explanation: Federation allows multiple services to expose a unified graph.
Question 4: Why is the N+1 problem especially dangerous in GraphQL?
- It breaks schema validation
- It causes excessive database queries
- It blocks mutations
- It invalidates cache
Explanation: Each nested field can trigger additional DB queries.
Question 5: Which technique is most effective to solve the N+1 problem?
- Fragments
- DataLoader batching
- Schema stitching
- Query caching
Explanation: DataLoader batches and caches resolver calls.
Question 6: Why should GraphQL resolvers avoid heavy business logic?
- They run on the client
- They can become performance bottlenecks
- They break type safety
- They disable federation
Explanation: Resolvers execute per field and can slow responses.
Question 7: What is a major drawback of deeply nested GraphQL schemas?
- Schema duplication
- Complex execution and performance costs
- Lack of type safety
- Limited flexibility
Explanation: Deep schemas increase execution complexity.
Question 8: Why is persisted queries considered a best practice?
- They remove resolvers
- They prevent arbitrary query execution
- They improve schema design
- They eliminate caching
Explanation: Persisted queries reduce attack surface and payload size.
Question 9: What happens if a non-null field resolver returns null?
- Field is ignored
- Entire query fails
- Error bubbles up and may null parent fields
- Value is converted
Explanation: Non-null violations propagate errors up the response tree.
Question 10: Why is schema evolution preferred over versioning in GraphQL?
- Simpler servers
- Backward compatibility for clients
- Better caching
- Reduced schema size
Explanation: Clients can migrate gradually without breaking changes.
Question 11: What is the main purpose of query cost analysis?
- Measure response size
- Estimate server execution cost
- Improve client UX
- Reduce schema complexity
Explanation: Cost analysis protects servers from expensive queries.
Question 12: Why should authorization checks not be scattered across resolvers?
- Code duplication and inconsistency
- Resolvers stop working
- Caching breaks
- Queries fail validation
Explanation: Centralized auth avoids errors and duplication.
Question 13: Which approach is safest for GraphQL authentication?
- Inside each resolver
- In schema definitions only
- In context or middleware
- On the client
Explanation: Context-based auth keeps concerns centralized.
Question 14: Why can GraphQL caching be more complex than REST caching?
- No HTTP methods
- Highly dynamic query shapes
- Lack of JSON responses
- No status codes
Explanation: Different queries produce different shapes.
Question 15: What does Apollo Gateway primarily do?
- Cache queries
- Compose federated schemas
- Generate resolvers
- Handle mutations
Explanation: Apollo Gateway composes federated services.
Question 16: Why are field-level resolvers executed independently?
- To improve UI rendering
- To allow flexible data fetching
- To simplify schema design
- To enforce caching
Explanation: Independent resolvers enable fine-grained data resolution.
Question 17: Which GraphQL feature helps prevent breaking client applications?
- Query batching
- Field deprecation
- Subscriptions
- Fragments
Explanation: Deprecation allows safe API evolution.
Question 18: Why is GraphQL introspection sometimes disabled in production?
- Performance issues
- Security concerns
- Schema errors
- Caching problems
Explanation: Exposed schemas can aid attackers.
Question 19: What is the biggest challenge of GraphQL at scale?
- Type safety
- Performance and complexity control
- Client tooling
- Schema definition
Explanation: Large graphs require strict performance governance.
Question 20: Why should resolvers return predictable data shapes?
- For UI rendering
- For caching and stability
- For schema evolution
- For federation
Explanation: Predictable shapes reduce client-side bugs.
Question 21: What problem does schema stitching introduce compared to federation?
- Lack of type safety
- Tighter coupling between services
- Reduced performance
- Limited flexibility
Explanation: Stitching tightly couples services.
Question 22: Why is monitoring GraphQL queries critical in production?
- To block users
- To identify slow or expensive operations
- To update schema
- To manage clients
Explanation: Monitoring reveals performance bottlenecks.
Question 23: Which strategy best protects GraphQL APIs from abuse?
- Multiple endpoints
- Rate limiting and query complexity limits
- Schema expansion
- Client caching
Explanation: Limits prevent excessive resource usage.
Question 24: Why are GraphQL subscriptions harder to scale?
- They block queries
- They require persistent connections
- They disable caching
- They break schemas
Explanation: Persistent connections consume server resources.
Question 25: What is the main risk of exposing database models directly in GraphQL schemas?
- Schema duplication
- Tight coupling and poor evolution
- Slower queries
- Limited tooling
Explanation: Direct mapping makes schema hard to evolve.
Question 26: Which GraphQL feature enables service ownership boundaries?
- Fragments
- Federation directives
- Query batching
- Introspection
Explanation: Federation directives define service boundaries.
Question 27: Why should GraphQL APIs avoid overly generic queries?
- Security risk
- Unclear performance characteristics
- Schema errors
- Client limitations
Explanation: Generic queries are hard to optimize.
Question 28: What is a common production anti-pattern in GraphQL?
- Using fragments
- Returning entire objects by default
- Deprecating fields
- Using DataLoader
Explanation: Returning full objects increases payload size.
Question 29: Why is error masking important in GraphQL APIs?
- Improves caching
- Prevents leaking sensitive information
- Simplifies schema
- Improves retries
Explanation: Detailed errors can expose internal details.
Question 30: What is the primary benefit of separating read and write models?
- Simpler schemas
- Optimized queries and mutations
- Better caching
- Automatic scaling
Explanation: Different models optimize reads and writes.
Question 31: Why is GraphQL considered transport-agnostic?
- Uses only HTTP
- Not tied to a specific protocol
- Always uses JSON
- Runs only on browsers
Explanation: GraphQL can run over HTTP, WebSockets, or others.
Question 32: What is the main reason to centralize schema governance?
- Faster development
- Consistency and quality control
- Smaller schemas
- Better tooling
Explanation: Governance ensures scalable and safe APIs.
Question 33: Why do large organizations prefer GraphQL federation?
- Single database access
- Independent team ownership
- Automatic caching
- Simpler queries
Explanation: Teams can own parts of the graph independently.
Question 34: Which practice best ensures long-term GraphQL scalability?
- Adding more fields
- Monitoring, limits, and governance
- More resolvers
- Deep nesting
Explanation: Scalability requires controls and observability.
Question 35: What is the ultimate goal of a well-designed GraphQL API?
- Maximum flexibility without limits
- Balance between flexibility, performance, and security
- Minimal schema
- Replacing REST entirely
Explanation: Good GraphQL balances power with control.
Question 36: What is the primary security risk of allowing unlimited GraphQL query depth?
- Denial-of-service via expensive nested queries
- Schema version mismatch
- Broken introspection
- Cache poisoning
Explanation: Deep queries can exponentially increase resolver execution cost.
Question 37: Why is query complexity analysis important in GraphQL servers?
- To reduce schema size
- To estimate execution cost before running queries
- To improve client-side caching
- To simplify resolvers
Explanation: Complexity analysis protects servers from expensive queries.
Question 38: What problem does DataLoader primarily solve in GraphQL?
- Caching HTTP responses
- Schema stitching
- The N+1 query problem
- Query batching on the client
Explanation: DataLoader batches and caches backend data fetches.
Question 39: Why are GraphQL subscriptions harder to scale than queries?
- They bypass resolvers
- They disable caching
- They require schema federation
- They require persistent connections
Explanation: Persistent connections consume server resources.
Question 40: What is the main benefit of persisted queries?
- Reduced attack surface and smaller payloads
- Automatic schema validation
- Faster resolver execution
- Built-in caching
Explanation: Persisted queries prevent arbitrary query execution.
Question 41: Why should authorization logic be centralized in GraphQL?
- To reduce schema size
- To avoid duplication and inconsistency
- To improve introspection
- To simplify federation
Explanation: Centralized auth is safer and easier to maintain.
Question 42: Which GraphQL feature enables composing schemas across microservices?
- Schema stitching
- Fragments
- Federation
- Directives
Explanation: Federation allows multiple services to expose a unified graph.
Question 43: What happens when a non-null field resolver returns null?
- The field is skipped
- The value becomes undefined
- The error is ignored
- The error propagates up the response tree
Explanation: Non-null violations bubble up and may null parent fields.
Question 44: Why is schema evolution preferred over versioning in GraphQL?
- Backward compatibility for clients
- Smaller schemas
- Better resolver performance
- Automatic migrations
Explanation: Clients can migrate gradually without breaking changes.
Question 45: Why is caching more complex in GraphQL compared to REST?
- Lack of HTTP verbs
- Dynamic query shapes
- No JSON responses
- No status codes
Explanation: Different queries can return different shapes.
Question 46: What is the main danger of deeply nested GraphQL schemas?
- Loss of type safety
- Resolver execution explosion
- Broken introspection
- Schema duplication
Explanation: Deep nesting can cause excessive resolver execution.
Question 47: Why should resolvers avoid heavy business logic?
- They run on the client
- They increase schema size
- They can become performance bottlenecks
- They break federation
Explanation: Resolvers execute per field and can slow responses.
Question 48: Which strategy best protects GraphQL APIs from abuse?
- Rate limiting and query complexity limits
- Multiple endpoints
- Schema expansion
- Client-side caching
Explanation: Limits prevent excessive resource consumption.
Question 49: Why is GraphQL introspection sometimes disabled in production?
- Performance reasons
- Security concerns
- Schema instability
- Caching conflicts
Explanation: Introspection can expose internal schema details.
Question 50: What is the primary responsibility of Apollo Gateway?
- Caching responses
- Handling subscriptions
- Composing federated schemas
- Generating resolvers
Explanation: Apollo Gateway composes multiple subgraphs.
Question 51: Why should GraphQL APIs avoid returning full objects by default?
- Schema errors
- Authorization issues
- Performance and payload bloat
- Type conflicts
Explanation: Returning full objects increases payload size.
Question 52: What problem does query depth limiting directly address?
- Expensive nested queries
- Schema duplication
- Client caching issues
- Resolver typing
Explanation: Depth limits prevent deeply nested expensive queries.
Question 53: Why is monitoring GraphQL queries critical in production?
- To block users
- To detect slow or expensive operations
- To rewrite schemas
- To manage clients
Explanation: Monitoring reveals performance bottlenecks.
Question 54: Which GraphQL feature enables service ownership boundaries?
- Fragments
- Directives
- Federation directives
- Query batching
Explanation: Federation directives define subgraph ownership.
Question 55: Why is error masking important in GraphQL APIs?
- Improves caching
- Simplifies schemas
- Improves retries
- Prevents leaking sensitive information
Explanation: Detailed errors can expose internal details.
Question 56: Why is GraphQL considered transport-agnostic?
- It is not tied to a specific protocol
- It always uses HTTP
- It only uses JSON
- It runs only in browsers
Explanation: GraphQL can run over HTTP, WebSockets, or others.
Question 57: What is the biggest challenge of GraphQL at scale?
- Schema writing
- Client tooling
- Performance and governance
- Type definitions
Explanation: Large graphs require strict performance control.
Question 58: Why should GraphQL schemas not mirror database schemas directly?
- Security risks
- Performance issues
- Tight coupling and poor evolution
- Lack of tooling
Explanation: Direct mapping makes schemas hard to evolve.
Question 59: What is the main benefit of separating read and write models?
- Optimized queries and mutations
- Simpler schemas
- Automatic caching
- Better introspection
Explanation: Reads and writes have different optimization needs.
Question 60: Why should query cost analysis run before execution?
- To reduce response size
- To block overly expensive queries early
- To improve UI rendering
- To simplify schemas
Explanation: Early rejection protects backend resources.
Question 61: Which practice best ensures long-term GraphQL scalability?
- More fields
- Deeper nesting
- More resolvers
- Monitoring, limits, and governance
Explanation: Scalability requires observability and controls.
Question 62: What is the ultimate goal of a well-designed GraphQL API?
- Balance flexibility, performance, and security
- Replace REST entirely
- Minimal schema size
- Maximum flexibility without limits
Explanation: Good GraphQL balances power with control.