How would you explain Cross-Site Request Forgery (CSRF) to a junior developer, and what is the best way to prevent it?