Show you understand the reasoning: "Only public/ is web-accessible, so PHP source code cannot be downloaded directly. var/ holds cache and logs — these are environment-specific and never committed. Everything in src/ is autoloaded via PSR-4."
src/: application PHP code — controllers, entities, services, repositories, commands. config/: configuration files — services.yaml, routes, packages, and environment-specific overrides. templates/: Twig template files, organised by controller or feature. public/: the web root — contains index.php (front controller), CSS, JS, and images. Only this directory is web-accessible. var/: generated files — cache, logs, and session storage. Not committed to version control. Additionally: migrations/ for database migrations, tests/ for PHPUnit tests, translations/ for i18n files, and vendor/ for Composer dependencies. Strong candidates explain: why only public/ should be web-accessible (security), that var/ and vendor/ are gitignored, and that the Kernel class in src/ boots the application.
Baseline Symfony knowledge. Candidates who put application logic outside src/ or who do not understand why public/ is the document root have gaps in project setup fundamentals. Quick to test and reveals whether someone has actually set up a Symfony project.