SPRING BOOT FUNDAMENTALS

1. What does @SpringBootApplication do internally?

o It is a convenience annotation that combines @Configuration,
@EnableAutoConfiguration, and @ComponentScan. This enables
auto-detection of beans and auto-configuration of application
settings.

2. How does Spring Boot auto-configuration work?

o Auto-configuration uses @EnableAutoConfiguration, which scans
for spring.factories files to find and apply configurations based
on the presence of specific classes in the classpath.
3. What is the difference between @Value and
@ConfigurationProperties?
o @Value injects individual values. @ConfigurationProperties binds
an entire set of related properties into a Java class, offering type
safety and structure, suitable for hierarchical configurations.
4. What is Spring Boot Actuator and what are its main features?
o Spring Boot Actuator provides production-ready endpoints like
/health, /metrics, /info, which help monitor and manage
applications.
5. What is the role of spring.factories in Spring Boot?
o The spring.factories file lists auto-configuration classes, which
are loaded automatically by Spring Boot based on conditions.
6. How do you manage multiple environments (dev, test, prod) in
Spring Boot?
o Using application-{profile}.yml or .properties files and
specifying the active profile using spring.profiles.active in
properties or as a command-line argument.
7. What does Spring Initializr generate for you?
o It sets up the basic project structure, including pom.xml or
build.gradle, the main application class annotated with
@SpringBootApplication, and optional dependencies.

SPRING SECURITY
1. How does Spring Security protect against CSRF?
o It adds a CSRF token to state-changing requests (like POST, PUT).
This token must match the server-side stored token, preventing
CSRF attacks. It can be disabled for stateless APIs.
2. How do you implement role-based access control in Spring
Security?
 o Using annotations like @PreAuthorize("hasRole('ADMIN')"), or
@Secured("ROLE_USER") to restrict access to certain methods or
endpoints.
3. What is the difference between AuthenticationManager and
AuthorizationManager?
o AuthenticationManager handles the authentication process
(validating credentials). AuthorizationManager decides if an
authenticated user has access to specific resources.
4. What is SecurityFilterChain in Spring Security?
o It defines the sequence of security filters applied to HTTP
requests. You configure it via HttpSecurity to control
authentication, authorization, and CSRF settings.
5. How do you restrict a user to only one active session at a time?
o By configuring sessionManagement().maximumSessions(1) and
using HttpSessionEventPublisher to track session lifecycle
events.
6. How do you enable method-level security in Spring?
o By adding @EnableGlobalMethodSecurity(prePostEnabled = true)
in a configuration class and using @PreAuthorize, @PostAuthorize
annotations on methods.
7. How can you prevent XSS in Spring applications?
o By encoding user inputs (e.g., using Thymeleaf’s th:text),
setting Content-Security-Policy headers, and avoiding use of
untrusted HTML.
JAVA FUNDAMENTALS
1. What is the difference between == and .equals()?
o == checks reference equality (same memory address), whereas
.equals() checks object content equality, if overridden.
2. Why is Java platform-independent?
o Java compiles to bytecode, which is executed by the JVM. JVMs
are platform-specific, but bytecode is uniform.
3. Explain private, protected, default, and public access
modifiers.
o private: visible only within class; default: within package;
protected: package + subclasses; public: everywhere.
4. How does Java manage memory?
o Java uses automatic garbage collection. Memory is managed in
the heap (for objects) and stack (for method calls/local
variables).
5. What is polymorphism?
 o The ability to call the same method on different object types. It
allows methods to behave differently based on the object class
(e.g., overriding).
6. What is the difference between final, finally, and finalize()?
o final: used to declare constants or prevent overriding; finally:
block for cleanup after try/catch; finalize(): deprecated method
called before GC.
7. What is the difference between checked and unchecked
exceptions?
o Checked exceptions must be declared in method signatures and
caught; unchecked exceptions (RuntimeException) do not need
to be explicitly handled.
COLLECTION FRAMEWORK
1. What are the differences between ArrayList and LinkedList?
o ArrayList is fast for random access but slow for insert/delete.
LinkedList is better for frequent additions/removals.
2. How does HashMap handle collisions?
o Using chaining. Multiple entries are stored in a bucket as a linked
list or a tree if too many elements (Java 8+).
3. Compare HashSet, TreeSet, and LinkedHashSet.
o HashSet: no order; TreeSet: sorted; LinkedHashSet: insertion order
maintained.
4. When would you use ConcurrentHashMap?
o In multithreaded environments where high read/write
concurrency is needed. It uses segment-level locking.
5. Why should you override equals() and hashCode()?
o To ensure consistent behavior in collections like HashMap and
HashSet where hashing is involved.
6. How do you sort a custom object in Java?
o Implement Comparable or provide a Comparator and use
Collections.sort() or List.sort().
7. What is the difference between fail-fast and fail-safe iterators?
o Fail-fast throws ConcurrentModificationException when modified
during iteration. Fail-safe iterates over a copy.
REST API
1. What is idempotency in REST APIs?
o Idempotent operations return the same result no matter how
many times they are called (e.g., GET, PUT, DELETE).
2. How would you implement pagination in a REST API?
o Use query params like ?page=1&size=10 and return metadata
such as total pages and item count in response.
 3. Difference between PUT and PATCH?
o PUT replaces the entire resource. PATCH updates only specific
fields.
4. How do you secure REST APIs?
o Using HTTPS, JWT/OAuth2, CSRF protection (if stateful), and role-
based access control.
5. What are the core REST principles?
o Statelessness, client-server architecture, cacheable responses,
uniform interface, and layered architecture.
6. What are some API versioning strategies?
o URI versioning (/v1/users), header versioning, or query param
versioning.
7. What is HATEOAS?
o Hypermedia As The Engine Of Application State. It includes links
in responses to guide clients on possible actions.
SQL
1. How to find the second highest salary using SQL?
o SELECT MAX(salary) FROM employees WHERE salary < (SELECT
MAX(salary) FROM employees);
2. Explain INNER JOIN, LEFT JOIN, and FULL OUTER JOIN.
o INNER: only matching rows. LEFT: all from left + matches. FULL:
all rows from both, matched or not.
3. What is the difference between GROUP BY and HAVING?
o GROUP BY groups rows; HAVING filters groups after aggregation.
4. What is a Common Table Expression (CTE)?
o A temporary named result set using WITH that helps in modular
queries.
5. How would you find duplicate emails in a user table?
o SELECT email, COUNT(*) FROM users GROUP BY email HAVING
COUNT(*) > 1;
6. How do you update records in one table based on another?
o Using UPDATE ... FROM syntax or subquery with correlated
update.
7. Difference between EXISTS and IN?
o IN compares values; EXISTS checks for the existence of rows.
EXISTS is generally better for correlated subqueries.