All Practice Exams
100+ Free Tencent Cloud Expert Developer Practice Questions
Tencent Cloud Certified Expert – Developer (TCE) practice questions are available now; exam metadata is being verified.
✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0
A TKE pod keeps getting `OOMKilled`. The container has a memory limit of 512 Mi. The developer increases the limit to 1 Gi but the pod still gets OOMKilled within 30 seconds. What is the MOST likely cause?
A
B
C
D
to track
Same family resources
Explore More Tencent Cloud Certifications
Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.
2026 Statistics
Key Facts: Tencent Cloud Expert Developer Exam
Expert
Highest Tier
Tencent Cloud (4 levels: Practitioner/Associate/Professional/Expert)
3 tracks
Expert Certifications
Tencent Cloud (Developer, Architect, Operations)
2 years
Validity Period
Tencent Cloud (all tiers)
Not published
Exam Fee (English)
Check cloud.tencent.com/edu for current pricing
120–180 hrs
Recommended Study
Based on exam depth and prerequisite experience
Chinese primary
Exam Language
Tencent Cloud (English availability unconfirmed)
TCE-Developer is the highest Tencent Cloud certification for developers. It tests expert-level design and implementation of serverless, microservices, service mesh, distributed systems, IaC, and security patterns on Tencent Cloud. Official exam format details (questions, time, fee, passing score) are not publicly published in English as of 2026. Preparation typically requires 120–180 hours and holding a Professional-level developer credential.
Sample Tencent Cloud Expert Developer Practice Questions
Try these sample questions to test your Tencent Cloud Expert Developer exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.
1Your SCF (Serverless Cloud Function) cold starts are causing p99 latency spikes above 3 seconds for a latency-sensitive API. The function uses a 512 MB memory allocation and initializes a large SDK on startup. Which approach BEST reduces cold-start impact without rewriting the function?
A.Switch the function trigger from API Gateway to CKafka to batch invocations
B.Enable SCF Provisioned Concurrency to keep a fixed number of instances pre-initialized
C.Increase the function timeout from 30 s to 900 s to absorb initialization time
D.Move all SDK initialization code inside the event handler rather than the global scope
Explanation: SCF Provisioned Concurrency pre-warms a configurable number of function instances, eliminating cold-start initialization for those instances and removing p99 spikes. Switching triggers changes invocation semantics but does not eliminate cold starts. Increasing timeout does not prevent cold starts—it only prevents timeouts. Moving initialization inside the handler makes cold starts worse, not better.
2A distributed microservice on TKE uses Tencent Cloud Service Mesh (TCM) for inter-service traffic management. You need to implement a canary release sending 5% of production traffic to a v2 deployment while keeping 95% on v1. Which TCM resource is the correct primary control point?
A.DestinationRule with subset definitions and a VirtualService with weighted routing
B.Kubernetes Deployment with a 5:95 replica ratio between v2 and v1 pods
C.Istio PeerAuthentication policy with mTLS mode set to PERMISSIVE
D.TCM IngressGateway annotation `nginx.ingress.kubernetes.io/canary-weight: 5`
Explanation: In TCM (which is built on Istio), a DestinationRule defines named subsets (v1, v2) and a VirtualService applies traffic-weight rules (5% to v2, 95% to v1) — the correct two-resource pattern for weighted canary releases. Replica-ratio canary is a poor approximation with no precision. PeerAuthentication controls mTLS, not traffic weights. The nginx annotation applies only to nginx ingress, not to service-mesh sidecar routing.
3You are designing an event-driven pipeline on Tencent Cloud. Upstream producers publish domain events at up to 50,000 messages/second with occasional burst spikes to 200,000/second. Downstream consumers must process messages in strict per-partition order. Which messaging service and configuration is MOST appropriate?
A.CMQ Queue in FIFO mode with message retention set to 7 days
B.CKafka (Tencent Cloud Kafka) with enough partitions, producer key-based routing, and a single consumer group per partition
C.TDMQ RabbitMQ with exclusive queues per consumer
D.SCF async invocation with COS as the event source trigger
Explanation: CKafka (managed Kafka) handles millions of messages per second, supports partition-level ordering when producers route by message key, and allows consumer groups to read each partition sequentially. CMQ FIFO does not scale to 200 k/s bursts. RabbitMQ exclusive queues cannot maintain ordering across rebalances at that throughput. SCF+COS triggers are batch-oriented and do not provide per-key ordering semantics.
4Your Terraform configuration uses the tencentcloud provider to manage TKE clusters. After upgrading the cluster Kubernetes version, `terraform plan` shows a force-replace for the cluster resource even though only the `cluster_version` attribute changed. What is the MOST likely cause and remediation?
A.Tencent Cloud Terraform provider does not support in-place cluster upgrades; you must use the console
B.The `cluster_version` attribute is marked `ForceNew` in the provider schema; pin the version and upgrade via the tctl CLI outside Terraform
C.You must run `terraform taint` on the cluster resource before upgrading the version
D.The provider requires a `lifecycle { ignore_changes = [cluster_version] }` block to permit in-place version changes
Explanation: In older versions of the tencentcloud Terraform provider, `cluster_version` was annotated `ForceNew`, meaning any change triggers resource destruction and re-creation. The standard remediation is to pin the version in Terraform state and perform the actual Kubernetes upgrade through the TKE console or tctl, then update the state with `terraform refresh` or a state import. Using `ignore_changes` suppresses the diff but does not perform the upgrade.
5An application uses TencentDB for Redis (cluster mode) to cache session data. Developers report that KEYS * commands issued during load testing cause production latency spikes. What is the BEST architectural fix?
A.Increase Redis maxmemory-policy to allkeys-lru so eviction prevents key accumulation
B.Replace KEYS * with SCAN using a cursor with a small COUNT to iterate keys incrementally
C.Shard session data into multiple Redis instances to reduce per-instance key count
D.Enable TencentDB Redis slow-query log and set slowlog-log-slower-than to 0 to capture all commands
Explanation: KEYS * is an O(N) blocking command that holds the Redis event loop for its entire execution, causing latency spikes proportional to database size. Replacing it with SCAN (cursor-based, non-blocking) iterates keys incrementally without blocking other commands. Changing eviction policy affects memory management, not command blocking. Sharding reduces key count per shard but does not prevent KEYS * from blocking within each shard. Enabling slow-query logging diagnoses the problem but does not fix it.
6You are implementing a CI/CD pipeline using CODING DevOps (Tencent Cloud's integrated DevOps platform). Your pipeline needs to build a Docker image, push it to TCR (Tencent Container Registry), and deploy it to TKE via kubectl. Which CODING pipeline artifact configuration correctly authenticates to TCR without embedding credentials in pipeline code?
A.Store the TCR password as a CODING environment variable and reference it in the docker login command
B.Configure a TCR Service Connection in CODING and reference the connection ID in the pipeline Docker plugin step
C.Generate a permanent API key and encode it in base64 in a Kubernetes Secret, then mount it in the build pod
D.Use a public TCR instance namespace so no authentication is required for push operations
Explanation: CODING DevOps supports native TCR Service Connections that store credentials securely and inject them without exposing secrets in pipeline YAML. The Docker plugin step references the connection by ID, handles login automatically, and avoids any credential leakage. Storing passwords as environment variables risks exposure in logs. Embedding API keys in base64 Kubernetes Secrets is not encrypted by default and still embeds credentials in code. Public TCR namespaces allow unauthenticated pulls, not pushes.
7A microservice architecture on TKE uses gRPC for internal communication. The service mesh (TCM) must enforce mTLS between all services AND allow external HTTPS traffic from the internet through the IngressGateway. Which combination of TCM policies achieves this?
A.PeerAuthentication mode=STRICT cluster-wide and a Gateway resource with TLS mode=PASSTHROUGH for external traffic
B.PeerAuthentication mode=STRICT cluster-wide and a Gateway resource with TLS mode=SIMPLE (server-side TLS) terminating at the IngressGateway
C.PeerAuthentication mode=PERMISSIVE cluster-wide and RequestAuthentication with JWT for internal services
D.AuthorizationPolicy with action=ALLOW for all principals plus a VirtualService rewriting HTTPS to HTTP
Explanation: PeerAuthentication STRICT enforces mTLS for all pod-to-pod traffic in the mesh. For the IngressGateway (which is outside the mesh peer plane), configuring a Gateway with TLS mode=SIMPLE terminates HTTPS externally and the gateway then communicates internally over mTLS. PASSTHROUGH mode does not terminate TLS at the gateway, so the backend service must handle TLS itself. PERMISSIVE mode allows plaintext, defeating mTLS enforcement. JWT RequestAuthentication is for user identity, not service-to-service mTLS.
8When configuring auto-scaling for a TKE node pool, you want to scale out when average CPU utilization across all pods in a Deployment exceeds 70% and scale in gracefully waiting for active connections to drain. Which Kubernetes and TKE features should you configure together?
A.HorizontalPodAutoscaler targeting CPU 70%, node pool min/max bounds, and a preStop lifecycle hook with a sleep to allow connection draining
B.VerticalPodAutoscaler in Auto mode to resize pod CPU requests, plus node pool cluster-autoscaler with scale-down-delay-after-add
C.Custom metrics API with application QPS metric, KEDA ScaledObject, and a PodDisruptionBudget
D.TKE scheduled scaling action at peak hours and a Kubernetes readiness probe to delay traffic during startup
Explanation: HPA targeting CPU 70% handles pod-level scale-out; the node pool cluster-autoscaler adds nodes when pods are pending. A preStop lifecycle hook with a sleep (e.g., 30 s) gives the load balancer time to deregister the pod before the container stops, allowing active connections to drain. VPA resizes CPU requests vertically rather than scaling out. KEDA is for custom/event metrics. Scheduled scaling cannot react to dynamic load.
9Your application stores large binary blobs in COS. A client SDK uploads 5 GB files using multipart upload. Uploads sometimes fail mid-way and restart from scratch. What COS feature eliminates the need to restart large uploads after failures?
A.COS Versioning — each partial upload creates a new object version that can be resumed
B.COS multipart upload resume: store the UploadId from InitiateMultipartUpload and ListParts to identify completed parts, then continue uploading only missing parts
C.Enable COS Transfer Acceleration so the upload completes faster and the window for failure is shorter
D.Set the COS object ACL to private and use a presigned URL with a 24-hour expiry to avoid authentication interruptions
Explanation: COS multipart upload allows resumability: the UploadId returned by InitiateMultipartUpload persists server-side. If the upload fails, you call ListParts with that UploadId to see which parts succeeded, then re-upload only the missing parts before calling CompleteMultipartUpload. Versioning tracks complete object versions, not partial uploads. Transfer Acceleration reduces latency but does not provide resume capability. Presigned URLs handle authentication, not resume.
10You are building a distributed transaction spanning TencentDB MySQL and a downstream microservice call. You need atomicity across both operations. Which pattern is MOST appropriate on Tencent Cloud?
A.Use a two-phase commit (2PC) XA transaction across TencentDB MySQL and the microservice HTTP endpoint
B.Implement the Saga pattern: each service executes a local transaction and publishes a domain event to CKafka; compensating transactions handle rollback
C.Use TencentDB global transaction manager (GTM) with distributed XA across all participating MySQL instances
D.Wrap both operations in a single SCF function and rely on SCF's built-in transaction retry mechanism
Explanation: The Saga pattern is the recommended approach for distributed transactions in microservice architectures: each participant executes a local ACID transaction, publishes an event (e.g., to CKafka), and listens for events to trigger compensating actions on failure. 2PC with HTTP endpoints couples services tightly and has poor failure recovery. TencentDB GTM is for distributed MySQL sharding scenarios, not cross-service HTTP transactions. SCF has no built-in database transaction semantics.
About the Tencent Cloud Expert Developer Practice Questions
Verified exam format metadata for Tencent Cloud Certified Expert – Developer (TCE) is pending. The practice questions above remain available while official exam length, timing, passing score, fee, and administrator details are reviewed.