11 - Full Mock Exam Revision Guide
A comprehensive revision guide covering the top Spring Professional concepts, common exam traps, interview questions, and last-minute cheat sheets for Spring Professional Certification candidates. Covers Spring Framework 6 and Spring Boot 3 concepts.
Table of Contents
- Top 100 Spring Professional Concepts
- Common Mistakes
- Interview Questions
- Exam Traps
- One-Page Cheat Sheet
- Last-Minute Revision Notes
1. Top 100 Spring Professional Concepts
| No. | Concept | Revision Note |
|---|---|---|
| 1 | Inversion of Control | Objects receive dependencies instead of creating them directly. |
| 2 | Dependency Injection | Spring injects required collaborators through constructor, setter, or field injection. |
| 3 | Constructor Injection | Preferred for mandatory dependencies and immutability. |
| 4 | Setter Injection | Useful for optional dependencies. |
| 5 | Field Injection | Concise but harder to test and not preferred. |
| 6 | Bean | An object managed by the Spring IoC container. |
| 7 | ApplicationContext | Central Spring container that manages beans, configuration, events, resources, and environment. |
| 8 | BeanFactory | Basic container; ApplicationContext is the richer commonly used container. |
| 9 | Bean Definition | Metadata used by Spring to create and configure a bean. |
| 10 | Component Scanning | Automatically detects classes annotated with stereotypes such as @Component. |
| 11 | @Component | Generic stereotype for Spring-managed classes. |
| 12 | @Service | Service-layer stereotype; semantically indicates business logic. |
| 13 | @Repository | Persistence-layer stereotype; enables exception translation. |
| 14 | @Controller | MVC controller stereotype. |
| 15 | @RestController | Combines @Controller and @ResponseBody. |
| 16 | @Configuration | Declares Java-based Spring configuration. |
| 17 | @Bean | Declares a bean from a method inside a configuration class. |
| 18 | Bean Scope | Defines bean lifecycle and instance reuse. |
| 19 | Singleton Scope | One bean instance per Spring container; default scope. |
| 20 | Prototype Scope | New bean instance each time requested from the container. |
| 21 | Request Scope | One bean instance per HTTP request. |
| 22 | Session Scope | One bean instance per HTTP session. |
| 23 | Bean Lifecycle | Creation, dependency injection, initialization, use, and destruction. |
| 24 | @PostConstruct | Runs after dependency injection. |
| 25 | @PreDestroy | Runs before bean destruction for singleton beans. |
| 26 | BeanPostProcessor | Hook to modify beans before and after initialization. |
| 27 | Profiles | Activate environment-specific beans and configuration. |
| 28 | @Profile | Registers a bean only when specific profiles are active. |
| 29 | Externalized Configuration | Uses properties, YAML, environment variables, and command-line arguments. |
| 30 | @Value | Injects individual property values. |
| 31 | @ConfigurationProperties | Binds grouped configuration into typed objects. |
| 32 | Environment | Abstraction over profiles and property sources. |
| 33 | Property Source Order | Determines which configuration value wins when duplicate keys exist. |
| 34 | Auto-Configuration | Spring Boot configures beans based on classpath, properties, and existing beans. |
| 35 | @SpringBootApplication | Combines @SpringBootConfiguration, @EnableAutoConfiguration, and @ComponentScan. |
| 36 | Starter Dependencies | Curated dependency sets for common Spring Boot features. |
| 37 | Conditional Beans | Beans created only when conditions match, such as @ConditionalOnMissingBean. |
| 38 | Actuator | Production-ready monitoring and management endpoints. |
| 39 | Health Endpoint | Reports application and dependency health. |
| 40 | Metrics | Runtime measurements exposed through Micrometer and Actuator. |
| 41 | AOP | Separates cross-cutting concerns such as transactions, logging, and security. |
| 42 | Aspect | Module containing cross-cutting logic. |
| 43 | Advice | Action taken at a join point, such as before or after method execution. |
| 44 | Pointcut | Expression selecting join points. |
| 45 | Join Point | A point during program execution, usually method execution in Spring AOP. |
| 46 | Proxy | Object that wraps a target to apply additional behavior. |
| 47 | JDK Dynamic Proxy | Interface-based proxy. |
| 48 | CGLIB Proxy | Class-based proxy. |
| 49 | Self-Invocation | Calling another method in the same class bypasses Spring proxy advice. |
| 50 | @Transactional | Declares transactional boundaries. |
| 51 | Transaction Propagation | Defines how a method participates in existing transactions. |
| 52 | REQUIRED | Joins existing transaction or creates a new one. |
| 53 | REQUIRES_NEW | Suspends existing transaction and starts a new one. |
| 54 | NESTED | Uses a savepoint inside an existing transaction. |
| 55 | Transaction Isolation | Controls visibility of concurrent transaction changes. |
| 56 | Rollback Rules | Runtime exceptions and errors roll back by default. |
| 57 | Checked Exception Rollback | Requires rollbackFor. |
| 58 | Read-Only Transaction | Hint for read operations and ORM optimization. |
| 59 | PlatformTransactionManager | Spring abstraction for transaction management. |
| 60 | Spring MVC | Web framework based on DispatcherServlet and controllers. |
| 61 | DispatcherServlet | Front controller for Spring MVC requests. |
| 62 | HandlerMapping | Maps requests to handlers. |
| 63 | HandlerAdapter | Invokes mapped handlers. |
| 64 | ViewResolver | Resolves logical view names to actual views. |
| 65 | @RequestMapping | Maps HTTP requests to controller methods. |
| 66 | @GetMapping | Shortcut for GET request mapping. |
| 67 | @PostMapping | Shortcut for POST request mapping. |
| 68 | @RequestParam | Binds query parameters or form parameters. |
| 69 | @PathVariable | Binds URI template variables. |
| 70 | @RequestBody | Binds HTTP request body to an object. |
| 71 | @ResponseBody | Writes return value directly to HTTP response body. |
| 72 | Validation | Uses Bean Validation annotations such as @NotNull and @Size. |
| 73 | @Valid | Triggers validation on method parameters. |
| 74 | Exception Handling | Uses @ExceptionHandler and @ControllerAdvice. |
| 75 | REST | Resource-oriented HTTP API style. |
| 76 | HTTP Status Codes | Communicate request outcome, such as 200, 201, 400, 404, and 500. |
| 77 | Spring JDBC | Simplifies JDBC with JdbcTemplate. |
| 78 | JdbcTemplate | Handles connection management, statements, and result mapping. |
| 79 | Spring Data JPA | Repository abstraction over JPA. |
| 80 | Repository Interface | Provides CRUD and query methods. |
| 81 | Derived Query Method | Query generated from method name. |
| 82 | @Query | Declares custom JPQL or native SQL. |
| 83 | Entity | JPA-mapped domain object. |
| 84 | EntityManager | JPA interface for persistence context operations. |
| 85 | Persistence Context | First-level cache and entity state manager. |
| 86 | Lazy Loading | Loads associations on demand. |
| 87 | Eager Loading | Loads associations immediately. |
| 88 | N+1 Query Problem | One query loads parents, then many queries load children. |
| 89 | Spring Security | Authentication, authorization, and protection framework. |
| 90 | Authentication | Verifies user identity. |
| 91 | Authorization | Determines what an authenticated user can access. |
| 92 | SecurityFilterChain | Defines web security filters and authorization rules. |
| 93 | PasswordEncoder | Hashes and verifies passwords. |
| 94 | CSRF Protection | Protects browser-based state-changing requests. |
| 95 | Testing Support | Spring provides integration testing with @SpringBootTest. |
| 96 | Test Slices | Narrow tests such as @WebMvcTest, @DataJpaTest, and @JsonTest. |
| 97 | MockMvc | Tests Spring MVC without starting a real server. |
| 98 | @MockBean | Replaces a bean in the Spring test context with a mock. |
| 99 | Application Events | Publish and listen to events inside the application context. |
| 100 | Resource Abstraction | Access files, classpath resources, URLs, and servlet resources uniformly. |
2. Common Mistakes
| Mistake | Why It Is Wrong | Correct Approach |
|---|---|---|
| Using field injection everywhere | Makes dependencies hidden and testing harder. | Prefer constructor injection. |
Assuming @Autowired is required on one constructor | Since Spring 4.3, a single constructor is autowired automatically. | Omit @Autowired for a single constructor. |
| Putting business logic in controllers | Mixes web and business layers. | Keep controllers thin and use services. |
Using @Component instead of specific stereotypes everywhere | Loses semantic clarity. | Use @Service, @Repository, and @Controller where appropriate. |
| Forgetting that singleton beans are shared | Mutable state can leak between requests. | Keep singleton beans stateless or synchronize state carefully. |
| Injecting prototype into singleton and expecting new instance each call | The prototype is resolved once when singleton is created. | Use ObjectProvider, lookup method injection, or scoped proxy. |
Expecting @Transactional on private methods to work | Spring proxies cannot intercept private method calls. | Put transactions on public service methods. |
| Calling a transactional method from the same class | Self-invocation bypasses the proxy. | Move the method to another bean or call through the proxy. |
| Expecting checked exceptions to roll back automatically | Spring commits by default for checked exceptions. | Use rollbackFor. |
| Catching and swallowing transactional exceptions | Spring sees normal completion and commits. | Rethrow or mark rollback-only intentionally. |
Using REQUIRES_NEW without understanding connection usage | It may need another database connection. | Use only for truly independent transactions. |
Assuming readOnly = true always prevents writes | It is often an optimization hint, not a security rule. | Enforce write restrictions in logic and permissions. |
| Using high isolation everywhere | Reduces concurrency and can cause blocking. | Use the database default unless stronger consistency is needed. |
| Returning JPA entities directly from APIs | Can expose internals and trigger lazy loading issues. | Use DTOs for API responses. |
| Ignoring N+1 queries | Causes poor performance under load. | Use fetch joins, entity graphs, or DTO queries. |
Using @SpringBootTest for all tests | Loads full context and slows test suite. | Use test slices when possible. |
| Mocking everything in integration tests | Reduces confidence in Spring wiring. | Mock only external boundaries when needed. |
| Disabling CSRF without reason | Weakens browser security. | Disable only for stateless APIs or when appropriate. |
| Storing plain-text passwords | Severe security risk. | Use PasswordEncoder. |
| Exposing all Actuator endpoints publicly | Can leak sensitive operational data. | Secure and limit exposed endpoints. |
3. Interview Questions
Core Container
- What is the difference between IoC and Dependency Injection?
- What is a Spring bean?
- What is the role of
ApplicationContext? - How is
ApplicationContextdifferent fromBeanFactory? - What are the common bean scopes?
- What is the default bean scope?
- What happens when a prototype bean is injected into a singleton bean?
- What is component scanning?
- What is the difference between
@Component,@Service, and@Repository? - What is the purpose of
@Configuration? - What is the difference between
@Beanand@Component? - What is a BeanPostProcessor?
- What are
@PostConstructand@PreDestroyused for? - What is constructor injection and why is it preferred?
- How does Spring resolve multiple beans of the same type?
Configuration and Boot
- What does
@SpringBootApplicationinclude? - What is auto-configuration?
- How does Spring Boot decide which auto-configuration to apply?
- What are starter dependencies?
- What is the purpose of
application.propertiesorapplication.yml? - What is the difference between
@Valueand@ConfigurationProperties? - What are profiles?
- How do you activate a Spring profile?
- What is conditional configuration?
- How can you override default Spring Boot configuration?
AOP and Transactions
- What is AOP?
- What is an aspect?
- What is advice?
- What is a pointcut?
- What is a join point in Spring AOP?
- What is the difference between JDK dynamic proxies and CGLIB proxies?
- Why does self-invocation bypass AOP?
- What does
@Transactionaldo? - What is the default transaction propagation?
- What is the difference between
REQUIREDandREQUIRES_NEW? - What is the difference between
NESTEDandREQUIRES_NEW? - Which exceptions cause rollback by default?
- How do you roll back for checked exceptions?
- What is transaction isolation?
- What is the purpose of
PlatformTransactionManager?
Web and REST
- What is the DispatcherServlet?
- What is the flow of a Spring MVC request?
- What is the difference between
@Controllerand@RestController? - What is the difference between
@RequestParamand@PathVariable? - What does
@RequestBodydo? - What does
@ResponseBodydo? - How do you validate request data?
- How do you handle exceptions globally?
- What is
ResponseEntityused for? - Which HTTP status code should be returned after successful creation?
Data Access
- What is
JdbcTemplate? - How does Spring translate persistence exceptions?
- What is Spring Data JPA?
- What is a repository interface?
- What are derived query methods?
- What is the purpose of
@Query? - What is the persistence context?
- What is the first-level cache?
- What is lazy loading?
- What causes
LazyInitializationException? - What is the N+1 query problem?
- How can N+1 queries be avoided?
- What is optimistic locking?
- What is pessimistic locking?
- What is the difference between JPQL and native SQL?
Security
- What is Spring Security?
- What is authentication?
- What is authorization?
- What is
SecurityFilterChain? - What is the role of
UserDetailsService? - What is
PasswordEncoder? - Why should passwords not be stored in plain text?
- What is CSRF?
- When can CSRF be disabled?
- How do method security annotations work?
Testing and Operations
- What is
@SpringBootTest? - What is a test slice?
- What is
@WebMvcTest? - What is
@DataJpaTest? - What is MockMvc?
- What is
@MockBeanused for? - How do you test transactional behavior?
- What is Spring Boot Actuator?
- What is the health endpoint?
- What are metrics used for?
Scenario Questions
- A transactional method is not rolling back. What would you check?
- A bean is not being discovered. What would you check?
- Two beans of the same type exist. How can you resolve injection ambiguity?
- A test is slow. How can you improve it?
- An API returns lazy loading errors. How would you fix it?
- An audit log must be saved even if the main transaction rolls back. Which propagation should you use?
- A report query should not run inside a transaction. Which propagation can you use?
- A read API is slow due to many queries. What would you investigate?
- A production app exposes too much Actuator data. What should be changed?
- A controller has too much logic. How should it be refactored?
- An endpoint accepts invalid payloads. How should validation be added?
- A password login implementation compares raw strings. What is wrong?
- A checked exception occurs but data is committed. Why?
- A method annotated with
@Transactionalis called from the same class. What happens? - Which Spring features are implemented using proxies?
4. Exam Traps
| Trap | Correct Answer |
|---|---|
@Transactional works on self-invocation | False. Proxy advice is bypassed. |
| Checked exceptions roll back by default | False. Use rollbackFor. |
@Service adds special transactional behavior | False. It is mainly a stereotype. |
@Repository only marks a DAO | It also participates in persistence exception translation. |
| Singleton means one instance per JVM | Not exactly. It is one instance per Spring container. |
| Prototype beans are destroyed automatically like singletons | False. Spring does not manage full destruction lifecycle for prototypes. |
@SpringBootApplication scans the whole classpath | False. It scans from its package downward by default. |
@Bean methods can only create application classes | False. They can create third-party objects too. |
@RestController returns view names | False. It writes response bodies by default. |
@RequestParam and @PathVariable are the same | False. Query/form parameter vs URI template variable. |
@RequestBody binds query parameters | False. It binds the HTTP body. |
readOnly = true always blocks writes | False. It is commonly a hint or optimization. |
REQUIRES_NEW joins the current transaction | False. It suspends the current transaction and starts another. |
NESTED commits independently | False. It uses a savepoint and depends on the outer commit. |
READ_COMMITTED prevents phantom reads | False. It prevents dirty reads. |
SERIALIZABLE gives best performance | False. It gives strongest isolation but usually lowest concurrency. |
@WebMvcTest loads the full application | False. It loads MVC-related components. |
@DataJpaTest is for controller testing | False. It is for JPA-related tests. |
| Spring Security only handles login pages | False. It handles authentication, authorization, filters, CSRF, headers, and more. |
| Actuator endpoints should all be public | False. Sensitive endpoints must be secured. |
5. One-Page Cheat Sheet
Core Annotations
| Annotation | Purpose |
|---|---|
@Component | Generic Spring bean. |
@Service | Service-layer bean. |
@Repository | Persistence bean with exception translation. |
@Controller | MVC controller. |
@RestController | REST controller returning response bodies. |
@Configuration | Java configuration class. |
@Bean | Bean-producing method. |
@Autowired | Dependency injection. |
@Qualifier | Selects a specific bean. |
@Primary | Preferred bean when multiple candidates exist. |
@Profile | Profile-specific bean registration. |
@Value | Injects a property value. |
@ConfigurationProperties | Type-safe grouped property binding. |
Spring Boot
| Feature | Key Point |
|---|---|
@SpringBootApplication | Configuration, auto-configuration, and component scan. |
| Auto-configuration | Based on classpath, properties, and existing beans. |
| Starters | Dependency bundles for common capabilities. |
| Actuator | Health, metrics, info, and management endpoints. |
| Profiles | Environment-specific configuration. |
Transactions
| Topic | Key Point |
|---|---|
| Default propagation | REQUIRED |
| Default isolation | DEFAULT |
| Default rollback | RuntimeException and Error |
| Checked rollback | Use rollbackFor |
| Independent transaction | REQUIRES_NEW |
| Savepoint transaction | NESTED |
| Read optimization | @Transactional(readOnly = true) |
| Main abstraction | PlatformTransactionManager |
Propagation
| Propagation | Meaning |
|---|---|
REQUIRED | Join or create transaction. |
REQUIRES_NEW | Suspend current and create new transaction. |
SUPPORTS | Join if present, otherwise no transaction. |
MANDATORY | Must have existing transaction. |
NOT_SUPPORTED | Suspend current and run without transaction. |
NEVER | Fail if transaction exists. |
NESTED | Savepoint inside existing transaction. |
Isolation
| Isolation | Prevents |
|---|---|
READ_UNCOMMITTED | Nothing significant. |
READ_COMMITTED | Dirty reads. |
REPEATABLE_READ | Dirty and non-repeatable reads. |
SERIALIZABLE | Dirty, non-repeatable, and phantom reads. |
MVC and REST
| Annotation/Class | Purpose |
|---|---|
DispatcherServlet | Front controller. |
@RequestMapping | General request mapping. |
@GetMapping | GET mapping. |
@PostMapping | POST mapping. |
@RequestParam | Query/form parameter. |
@PathVariable | URI path variable. |
@RequestBody | Request body to object. |
@ResponseBody | Return object as response body. |
ResponseEntity | Response body, headers, and status. |
@ControllerAdvice | Global controller advice. |
@ExceptionHandler | Exception-specific handler. |
Data
| Topic | Key Point |
|---|---|
JdbcTemplate | Simplifies JDBC resource handling. |
| Spring Data JPA | Repository abstraction for JPA. |
| Derived queries | Built from repository method names. |
| Persistence context | Tracks managed entities. |
| Lazy loading | Loads associations when accessed. |
| N+1 problem | Many extra queries for associations. |
| DTO projection | Efficient read model for APIs. |
Security
| Topic | Key Point |
|---|---|
| Authentication | Who the user is. |
| Authorization | What the user can access. |
SecurityFilterChain | Defines filter-based security. |
PasswordEncoder | Hashes and verifies passwords. |
| CSRF | Protects browser-based state-changing requests. |
| Method security | Secures service methods. |
Testing
| Annotation/Tool | Purpose |
|---|---|
@SpringBootTest | Full application context test. |
@WebMvcTest | MVC slice test. |
@DataJpaTest | JPA slice test. |
MockMvc | MVC testing without real server. |
@MockBean | Replaces Spring bean with mock. |
6. Last-Minute Revision Notes
Must-Remember Defaults
| Topic | Default |
|---|---|
| Bean scope | Singleton |
| Transaction propagation | REQUIRED |
| Transaction isolation | Database default through Isolation.DEFAULT |
| Transaction rollback | Runtime exceptions and errors |
| Spring Boot scan package | Package of main application class and subpackages |
@RestController behavior | Returns response body |
@SpringBootTest behavior | Loads full application context |
High-Value Points
- Prefer constructor injection for required dependencies.
@Repositoryenables persistence exception translation.@SpringBootApplicationincludes component scanning from its package downward.- Auto-configuration backs off when user-defined beans are present.
- Spring AOP is proxy-based.
- Self-invocation bypasses proxy-based AOP.
@Transactionalusually belongs on service-layer methods.- Checked exceptions do not roll back unless configured.
REQUIRES_NEWcreates an independent transaction.NESTEDuses savepoints and depends on outer commit.readOnly = trueis not a universal write blocker.- Higher isolation means stronger consistency but lower concurrency.
- Use DTOs to avoid exposing entities and lazy loading problems.
- Use test slices to keep tests focused and fast.
- Secure Actuator endpoints in production.
Last-Minute Transaction Review
@Transactional(
propagation = Propagation.REQUIRED,
isolation = Isolation.DEFAULT,
rollbackFor = Exception.class,
readOnly = false
)
| If You Need | Use |
|---|---|
| Atomic business operation | @Transactional on service method |
| Rollback for checked exception | rollbackFor |
| Audit commit independent of main failure | REQUIRES_NEW |
| Partial rollback to savepoint | NESTED |
| Read optimization | readOnly = true |
Last-Minute Web Review
| Requirement | Use |
|---|---|
| Return JSON directly | @RestController |
| Bind URL segment | @PathVariable |
| Bind query parameter | @RequestParam |
| Bind JSON body | @RequestBody |
| Validate request body | @Valid |
| Global error handling | @ControllerAdvice |
| Custom status and headers | ResponseEntity |
Last-Minute Data Review
| Problem | Solution |
|---|---|
| Repetitive JDBC boilerplate | JdbcTemplate |
| Basic CRUD repository | Spring Data JPA repository |
| Custom JPQL | @Query |
| Lazy loading error | Fetch inside transaction or use DTO query |
| N+1 queries | Fetch join, entity graph, batch fetching, or DTO projection |
| Concurrent update conflict | Optimistic or pessimistic locking |
Last-Minute Security Review
| Requirement | Use |
|---|---|
| Define web security | SecurityFilterChain |
| Load user data | UserDetailsService |
| Hash passwords | PasswordEncoder |
| Protect browser forms | CSRF protection |
| Secure service methods | Method security annotations |
Final Exam Strategy
- Read each option carefully; many wrong answers are almost correct.
- Watch for words like always, never, only, and automatically.
- For transaction questions, identify proxy boundaries, exception type, propagation, and isolation.
- For Boot questions, remember auto-configuration is conditional.
- For testing questions, choose the narrowest test slice that satisfies the scenario.
- For MVC questions, distinguish path variables, query parameters, and request bodies.
- For security questions, separate authentication from authorization.
- For data questions, think about transaction boundaries, persistence context, lazy loading, and query count.