Question 1
Difficulty: medium
How do you typically structure a Spring Boot application to keep it maintainable as it grows?
Sample answer
I usually structure a Spring Boot application around clear business domains rather than just technical layers. For example, I separate controller, service, repository, and domain packages, but I avoid letting those become dumping grounds. If the application starts to grow, I prefer a package-by-feature approach so related classes stay together. I also keep configuration isolated, use DTOs at the API boundary, and avoid exposing entities directly in controllers. That helps reduce coupling and makes refactoring safer. On the service side, I try to keep methods focused on one business use case, not a long list of unrelated operations. I also pay attention to testability from the start by making dependencies explicit and avoiding static utility patterns unless they truly belong there. In larger systems, I like introducing clear interfaces where they add value, but I do not over-engineer abstractions early. My goal is always to keep the code readable for the next developer and easy to evolve without breaking everything.
Question 2
Difficulty: hard
How do you troubleshoot performance issues in a Spring Boot API?
Sample answer
My first step is to identify whether the issue is actually in the application, the database, or external dependencies. I look at response times, logs, metrics, and thread usage before changing code. In Spring Boot, I often start with Actuator endpoints, application metrics, and profiler data to see where time is being spent. If the problem is database related, I check query execution plans, indexing, N+1 queries, and whether I am fetching more data than needed. If it is application-side, I look for expensive object mapping, repeated calls to remote services, or inefficient loops. I also verify whether caching would help, but I use it carefully and only when the data access pattern justifies it. For slow startup or memory issues, I review bean initialization, large dependency graphs, and unnecessary eager loading. I like making one change at a time and measuring again so I can prove the impact instead of guessing. That keeps the fix targeted and stable.
Question 3
Difficulty: hard
Describe how you would secure a Spring Boot REST API.
Sample answer
I would secure a Spring Boot REST API in layers, starting with authentication and then adding authorization, transport security, and input protection. In most projects, I prefer Spring Security with JWT or OAuth2 depending on the architecture. I would define which endpoints are public and which require specific roles or scopes, and I would make those rules explicit in the security configuration rather than hidden in the business logic. I also make sure sensitive endpoints are protected against common issues like weak password handling, unsafe CORS settings, and missing CSRF considerations when relevant. For the API itself, I validate inputs carefully so bad requests do not become security problems or cause unexpected failures. I also avoid returning internal exception details to clients, because that can leak useful information. Logging is important too, but I am careful not to log secrets or personal data. In practice, I treat security as part of the design, not something I add at the end.
Question 4
Difficulty: medium
Tell me about a time you had to debug a production issue in a Spring Boot service.
Sample answer
In one project, we had a Spring Boot service that suddenly started timing out under moderate traffic after a deployment. I began by checking logs and metrics to see whether the issue was a spike in request volume, a database slowdown, or a code regression. The error pattern pointed to one endpoint, so I compared the new release with the previous version and narrowed it down to a query that was loading a much larger object graph than intended. The change looked harmless in code review, but it created an N+1 problem in production. I reproduced the issue in staging with realistic data, confirmed the SQL behavior, and then changed the repository query to fetch only the needed fields. I also added a regression test so the same pattern would be easier to catch in the future. After the fix, response times dropped back to normal. That experience reminded me to validate data access changes with production-like data, not just unit tests.
Question 5
Difficulty: medium
How do you decide between using Spring MVC and Spring WebFlux?
Sample answer
I choose based on the actual workload rather than using WebFlux just because it is newer. If the service is mostly handling standard REST requests, database access through JPA, and the team is comfortable with the traditional servlet model, Spring MVC is usually the better choice because it is simpler to reason about and easier to maintain. I consider WebFlux when I have a highly concurrent service, lots of non-blocking I/O, or a need to stream data efficiently. But I am careful: if the rest of the stack is blocking, WebFlux can add complexity without real benefit. I also think about team experience, debugging maturity, and operational support. In a production environment, simplicity often wins unless there is a clear scalability or responsiveness need. My approach is to match the framework to the system requirements, not to the trend. That usually leads to better performance and fewer surprises during development and support.
Question 6
Difficulty: medium
How do you write effective tests for Spring Boot applications?
Sample answer
I try to use a testing strategy that gives good confidence without becoming slow or brittle. For business logic, I prefer unit tests around service methods so I can verify rules and edge cases quickly. For repository logic, I like integration tests with a real database or a close test equivalent when the query behavior matters. For controllers, I use slice tests or API tests to confirm request mapping, validation, and response formats. I do not aim to test everything through the controller layer because that tends to make tests harder to maintain. Instead, I focus on the behavior that matters: input validation, branching logic, security rules, and critical data transformations. I also pay attention to test data setup so tests are readable and deterministic. If I find myself repeating a lot of setup, I refactor the test code just as carefully as production code. Good tests should make the code safer to change, not slow the team down. That balance is what I aim for.
Question 7
Difficulty: medium
How would you handle API versioning in a Spring Boot application?
Sample answer
I would choose an API versioning strategy based on the expected lifecycle of the service and how much change I need to support. For public or long-lived APIs, I usually prefer versioning in the URL or through request headers, depending on the consumer needs and the organization’s standards. The key is consistency. Once a versioning approach is chosen, I keep it predictable so clients are not forced to guess where changes appear. I also try to minimize breaking changes by using backward-compatible additions whenever possible, such as adding new fields instead of changing existing ones. In Spring Boot, I can manage versions cleanly with request mappings, separate DTOs, and controller classes when the change is significant. I also document deprecation timelines clearly so consumers are not surprised. My goal is not just to support multiple versions technically, but to make the transition manageable for downstream teams. Versioning is as much about communication as it is about code.
Question 8
Difficulty: easy
What do you check when a Spring Boot application is failing to start?
Sample answer
When a Spring Boot application fails to start, I first read the startup log carefully from top to bottom instead of jumping to the last line only. Spring Boot usually gives strong clues if you pay attention to the first real error, whether it is a missing bean, a property binding issue, a port conflict, or a database connection problem. I check active profiles, environment variables, and configuration files to make sure the expected values are being loaded. If the failure is bean-related, I look for circular dependencies, incorrect component scanning, or conflicting annotations. If the problem happens after a recent change, I compare that change against what was working before. I also verify external dependencies like the database, cache, or message broker because startup often depends on them. When needed, I temporarily reduce the scope by disabling nonessential configuration to isolate the cause. My approach is to narrow the failure down systematically rather than guessing, because startup issues often come from configuration, not core logic.
Question 9
Difficulty: hard
How do you work with JPA and Hibernate without creating performance problems?
Sample answer
I use JPA and Hibernate carefully because they make development faster, but they can hide expensive database behavior if I am not paying attention. I avoid loading full entities when a projection or DTO is enough, especially in read-heavy endpoints. I also watch for lazy loading issues and the classic N+1 problem, which can quietly destroy performance. When I need relationships, I think about whether fetch joins, entity graphs, or batch fetching make the most sense for the use case. I also keep transactions focused so I do not hold database resources longer than needed. Another habit I follow is to treat the database as something to design around, not something Hibernate should completely abstract away. That means checking generated queries, validating indexes, and thinking about access patterns early. JPA is great when used intentionally, but I do not assume it will optimize itself. I always test with realistic data volumes before saying a design is good enough for production.
Question 10
Difficulty: easy
How do you collaborate with frontend developers or other teams when building Spring Boot services?
Sample answer
I try to make collaboration easy by being clear and predictable. At the beginning of a feature, I like to confirm the API contract early, including request and response shapes, validation rules, error formats, and any edge cases the frontend might need to handle. If another team depends on the service, I document changes before they become surprises. I also try to design APIs that are consistent and easy to consume, because that reduces back-and-forth later. When requirements are unclear, I ask practical questions about user flows and failure states instead of assuming. If we need to change something in a live system, I communicate the impact, rollout plan, and timeline in advance. I have found that good collaboration is usually less about meetings and more about reducing ambiguity. On the technical side, I often provide sample payloads, test data, or Postman collections so integration moves faster. My goal is to be the person who helps other teams move confidently rather than creating extra coordination work for them.
