Hi! I was asked the following questions during an interview and here are my answers. The interviewer was not satisfied with my answers. I hope you can guide me to the right answers.
Q1) What is the difference between Spring and Spring Boot?
My Answer: Spring Boot can be compiled as a jar file with
Tomcat as a plugin jar to run together. Spring usually is compiled as a war file and run in the webapp directory.
Spring Boot has hot code replacement. Meaning: HTML file can be edited in an
IDE and just reload the webpage in the browser, without re-compiling and restarting Tomcat. Spring cannot do that.
Spring Boot does not require many configurations that Spring requires. <But I was asked what kind of configurations but I couldn't answer>.
I did not have any more suggestions to give and the interviewer was not satisfied.
Q2) For an API, what security would I implement to ensure that the requested client is legitimate and not some attacker.
My Answer: Use a pre-agreed token consisting of a hash to be places the HTTP request header to ensure the client is legitimate. All other requests are denied if the wrong token was used or no token was given.
The interviewer was not satisfied with my answer.
Q3) What do I do if there is an DDOS attack to the API?
My answer: Use a CSRF token. A randomly generated alpha-numeric token between requests and response.
Again, he was not satisfied.
I hope someone can advise on these questions so that I can learn from my mistakes.
Thanks in advance.