Google Professional Cloud Architect (PCA) — Questions 9761000

1000 questions total · 14pages · All types, answers revealed

Page 13

Page 14 of 14

976
MCQmedium

Your organization stores critical financial data in Cloud Storage. You need to ensure that if an object is deleted or overwritten, you can recover it within 30 days. What feature should you enable?

A.Set a retention policy with a 30-day retention period
B.Configure lifecycle management to delete objects after 30 days
C.Enable object versioning on the bucket
D.Enable Bucket Lock with a retention policy
AnswerC

Versioning retains non-current versions, enabling recovery.

Why this answer

Cloud Storage offers object versioning and retention policies to protect data. Versioning keeps non-current versions of objects, allowing recovery from accidental deletion or overwrites. Object retention policies (e.g., retention policy or hold) prevent deletion or modification for a specified period, but versioning is the primary mechanism to recover from deletion.

977
MCQhard

Refer to the exhibit. The SLO for the payments-api service is 99.9% availability over 30 days. The current compliance is 99.89% and the error budget is exhausted. Which action should the SRE team take FIRST?

A.Increase the SLO target to 99.99% to reduce future burn rate.
B.Pause all non-critical deployments and investigate the cause of the increased error rate.
C.Trigger a rollback of the latest deployment to stabilize the service.
D.Scale up the service to handle more traffic and reduce error rate.
AnswerB

This aligns with error budget policy: when budget is exhausted, slow down or stop deployments to prevent further errors.

Why this answer

With the error budget exhausted and a high burn rate, the team should immediately stop all non-critical deployments to prevent further degradation and allow the error budget to recover.

978
MCQeasy

A company needs to store archival data that is accessed less than once a year and must be retained for 10 years for compliance. The data retrieval time is not critical. Which Cloud Storage class is MOST cost-effective?

A.Coldline storage class
B.Standard storage class
C.Nearline storage class
D.Archive storage class
AnswerD

Archive is the lowest-cost class for long-term retention with rare access.

Why this answer

Archive storage is the cheapest class for long-term archival data accessed less than once a year. Coldline is for 90-day access, Nearline for 30-day, and Standard for frequent access. Archive has the lowest storage cost but higher retrieval costs and minimum storage duration of 365 days.

979
MCQhard

A company has a GKE cluster with Workload Identity enabled. A pod needs to access a BigQuery dataset in a different project. The team has created a service account in the pod's project and granted it BigQuery Data Viewer on the dataset. They also created an IAM policy binding between the Kubernetes service account and the Google service account. The pod still gets permission denied. What is missing?

A.The Google service account needs the iam.workloadIdentityUser role on itself
B.The Kubernetes service account needs the iam.workloadIdentityUser role
C.The pod needs a node pool with Workload Identity enabled
D.The BigQuery dataset must be in the same project as the cluster
AnswerA

This role allows the Kubernetes service account to impersonate the Google service account.

Why this answer

Workload Identity requires the Google service account to be granted the iam.workloadIdentityUser role on the Google service account itself, not just on the Kubernetes service account.

980
MCQhard

An engineering team wants to perform load testing on their new microservices-based application deployed on GKE. They need a tool that can simulate thousands of concurrent users, generate detailed performance metrics, and integrate with Cloud Monitoring. Which tool should they use?

A.Locust
B.Cloud Load Testing
C.Apache JMeter
D.gcloud alpha loadtest
AnswerB

Cloud Load Testing is a managed service that generates load from multiple regions and provides metrics in Cloud Monitoring.

Why this answer

Cloud Load Testing (formerly known as Cloud Load Testing) is a Google Cloud service that allows you to create load tests with simulated users and integrates with Cloud Monitoring for detailed metrics. Locust is an open-source alternative but lacks native integration with Cloud Monitoring.

981
MCQhard

A company runs an e-commerce platform on Google Cloud. The application is deployed on Google Kubernetes Engine (GKE) with a regional cluster (us-central1, three zones). The frontend service is exposed via an HTTP Load Balancer with Cloud CDN. Recently, during a flash sale, users experienced high latency and occasional 502 errors. The backend service is a Java application that reads from Cloud Spanner. The team has observed that Spanner CPU utilization averaged 65% during the sale, with a few spikes to 80%. The number of frontend pods was auto-scaled to 50, each running on n1-standard-2 nodes. The node pool is set to autoscale up to 100 nodes. The errors appear to correlate with periods of high CPU on the nodes, but not always. What is the most likely cause and recommended action?

A.Scale up the Cloud Spanner instance to handle higher peak CPU, as the 80% spikes indicate insufficient capacity.
B.Change the backend service to use a multi-zone NEG that includes endpoints from all three zones, and ensure the load balancer is configured for cross-zone load balancing.
C.Increase the CPU request for the frontend pods and set a higher target CPU utilization for the Horizontal Pod Autoscaler.
D.Increase the health check interval and timeout settings to give pods more time to respond before being marked unhealthy.
AnswerB

This ensures traffic is distributed evenly across zones, reducing cross-zone latency and preventing a single zone from being overloaded.

Why this answer

The high latency and 502 errors are likely caused by the HTTP Load Balancer sending requests to unhealthy backend pods due to zone-imbalanced traffic. A regional GKE cluster with a multi-zone NEG and cross-zone load balancing ensures that the load balancer distributes requests evenly across all pods in all three zones, preventing node CPU spikes in a single zone from causing errors. Option B directly addresses this by enabling proper traffic distribution, which is the most probable root cause given that node CPU spikes correlate with errors but not always.

Exam trap

The trap here is that candidates focus on scaling the database (Spanner) or adjusting pod-level configurations, when the real issue is zone-imbalanced traffic distribution from the HTTP Load Balancer, a common misdiagnosis in multi-zone GKE setups.

How to eliminate wrong answers

Option A is wrong because Spanner CPU at 65% average with spikes to 80% is well within acceptable limits (Spanner can handle up to 65-70% sustained CPU before needing scaling, and 80% spikes are transient); the errors correlate with node CPU, not Spanner CPU, so scaling Spanner would not resolve the issue. Option C is wrong because increasing CPU requests and HPA target utilization would reduce pod density per node, potentially worsening node CPU spikes and not addressing the load balancer's zone-imbalanced traffic distribution. Option D is wrong because increasing health check intervals and timeouts would make the load balancer slower to detect unhealthy pods, increasing the chance of routing traffic to failing pods and exacerbating 502 errors, not reducing them.

982
Multi-Selecthard

A team is designing a disaster recovery (DR) plan for a critical application. Which THREE components are essential for a robust DR plan? (Choose 3)

Select 3 answers
A.Failover procedures and runbooks
B.Regular backups to a separate region
C.A single-region deployment for consistency
D.Monitoring and alerting for disaster events
E.Load testing to validate performance
AnswersA, B, D

Well-documented failover steps ensure quick recovery.

Why this answer

Failover procedures and runbooks (A) are essential because they provide step-by-step instructions for executing a controlled transition to the secondary site, ensuring minimal downtime and consistent recovery actions. Without documented runbooks, teams risk misconfigurations during a disaster, which can extend recovery time objectives (RTO) beyond acceptable limits.

Exam trap

Google Cloud often tests the misconception that a single-region deployment is acceptable for DR if it has high availability within that region, but the exam emphasizes that DR requires geographic separation to survive a full regional failure.

983
MCQmedium

A financial services company requires a globally distributed relational database with strong consistency and horizontal scalability to serve a multi-region banking application. Write conflicts are rare. Which database should they choose?

A.Firestore in Native mode
B.Cloud SQL with cross-region replication
C.Cloud Bigtable
D.Cloud Spanner
AnswerD

Spanner is a globally distributed, strongly consistent relational database designed for multi-region deployments.

Why this answer

Cloud Spanner is the only Google Cloud database that provides global distribution, strong consistency, and horizontal scalability for relational workloads. It uses true-time technology for external consistency. Bigtable is NoSQL; Firestore is eventually consistent; Cloud SQL is regional.

984
MCQhard

A startup is designing a real-time leaderboard for a multiplayer game. The leaderboard must update within seconds of a score change and handle millions of concurrent players. Strong consistency is not required, but availability is critical. Which database is most suitable?

A.Cloud Memorystore
B.Cloud Spanner
C.Cloud Firestore
D.Cloud Bigtable
AnswerD

Bigtable offers high throughput and low latency for simple key-value operations like leaderboards, and eventual consistency is acceptable.

Why this answer

Cloud Bigtable is optimized for high-throughput, low-latency reads and writes, and can serve as a leaderboard backend if row keys are designed properly. It offers eventual consistency, which is acceptable here. Cloud Spanner provides strong consistency but is more expensive and may have higher latency.

Firestore is good for real-time updates but may not handle millions of concurrent updates easily. Memorystore (Redis) can also do leaderboards but is not a database for persistent storage; it's a cache.

985
MCQmedium

A company is using Cloud Functions (2nd gen) for event-driven processing of uploaded images in Cloud Storage. Each image is resized to multiple sizes and stored back in different buckets. Recently, the number of uploads has increased 10x, and the team notices that some images are not being processed, and logs show function execution timeouts after 60 seconds. The function's timeout is set to 60 seconds. The code processes images sequentially. The team needs to reliably process all images with minimal code changes. What should they do?

A.Increase the memory allocation for the function.
B.Use Cloud Tasks to queue the processing and run the function as a task handler.
C.Increase the Cloud Function timeout to 540 seconds.
D.Split the function into separate functions for each resize operation.
AnswerB

Cloud Tasks allows asynchronous processing with retries, reducing timeouts and enabling parallel execution.

Why this answer

Option D is correct because using Cloud Tasks decouples the processing, allowing retries and better scaling. Option A (increase timeout) delays the problem. Option B (split into multiple functions) requires significant code changes.

Option C (increase memory) may speed up processing but may not handle all image sizes reliably.

986
MCQeasy

A company wants to automatically rotate cryptographic keys on a schedule without manual intervention. Which service should they use?

A.Cloud Key Management Service (KMS)
B.Secret Manager
C.Cloud Audit Logs
D.Cloud IAM
AnswerA

Cloud KMS allows automatic key rotation.

Why this answer

Cloud KMS supports automatic key rotation. Option A is for managing secrets. Option C is for access control.

Option D is for auditing.

987
Multi-Selectmedium

A team needs to set up alerting for a production service. They want to receive notifications when the 99th percentile latency exceeds 500ms for 5 minutes. Which two Cloud Monitoring components are required? (Choose two.)

Answer options not yet available.

Why this answer

To alert on latency, you need a metric (e.g., from Cloud Monitoring) and an alerting policy that defines the condition and notification channel. A dashboard is not required. SLO is not required, but can be used.

Log-based metrics are for logs, not latency.

988
MCQeasy

You are configuring a Cloud Monitoring alerting policy to notify your SRE team when the error rate of a service exceeds 5% over a 5-minute window. Which type of metric evaluation should you use?

A.Window-based
B.Log-based
C.Request-based
D.Health check-based
AnswerA

Window-based metrics evaluate conditions over a sliding time window.

Why this answer

A window-based metric evaluation (e.g., rate, ratio, or count over a sliding window) is appropriate for error rate over a 5-minute window. Request-based is for latency SLOs.

989
MCQhard

Your company runs a critical application on Google Kubernetes Engine (GKE) in us-central1. The application consists of a frontend deployment with 3 replicas and a backend statefulset with 5 replicas using persistent volumes (SSD). Recently, the team noticed that during a regional outage in us-central1, the application became completely unavailable. They want to design a multi-region architecture that can survive a regional failure with RPO of 1 hour and RTO of 30 minutes. The application is stateless on the frontend but the backend stores critical data on persistent disks. The backend can operate in a read-only mode from a secondary region if needed. They have a limited budget and want to minimize ongoing costs. Which approach should they take?

A.Migrate the backend to Cloud SQL for MySQL with cross-region replication, and keep the frontend on GKE with multi-region ingress.
B.Deploy the frontend and backend in a regional GKE cluster and use regional persistent disks for the statefulset, replicating data synchronously across zones.
C.Deploy the frontend and backend in a single zonal cluster in us-central1-a, and use scheduled snapshots of persistent disks to a different region.
D.Deploy the frontend and backend in a regional GKE cluster across us-central1, and use a CronJob to take snapshots of persistent volumes every hour and copy them to a secondary region. In disaster, restore the snapshots to a new cluster in the secondary region.
AnswerD

Regional cluster survives zonal failure; snapshots provide cross-region backup with RPO 1 hour and RTO within 30 minutes if restore is automated.

Why this answer

Option D meets the RPO of 1 hour by using a CronJob to take hourly snapshots of PersistentVolume data and copy them to a secondary region. In a disaster, you restore those snapshots to a new GKE cluster in the secondary region, achieving an RTO of 30 minutes by automating the restore process. This approach minimizes ongoing costs because snapshots are incremental and you only pay for storage in the secondary region when needed, while the frontend remains stateless and can be redeployed quickly.

Exam trap

Google Cloud often tests the distinction between zonal, regional, and multi-region resilience; the trap here is that candidates may choose regional persistent disks (Option B) thinking they provide multi-region protection, when in fact they only replicate across zones within a single region.

How to eliminate wrong answers

Option A is wrong because migrating to Cloud SQL for MySQL with cross-region replication introduces significant ongoing costs for a managed database service and may not align with the existing statefulset architecture; it also requires application changes to use Cloud SQL instead of persistent disks. Option B is wrong because regional persistent disks replicate synchronously across zones within a single region, which does not protect against a full regional outage in us-central1. Option C is wrong because a single zonal cluster in us-central1-a cannot survive a regional failure, and scheduled snapshots to a different region without a restore plan in a secondary cluster do not meet the RTO of 30 minutes.

990
MCQhard

A company is migrating a legacy monolithic application to a microservices architecture on GKE. They want to gradually shift traffic from the monolith to the new services. They also need to route requests based on headers (e.g., for A/B testing). Which GKE feature should they use?

A.Anthos Service Mesh
B.GKE Ingress with multiple backend services
C.Node pools with different machine types
D.GKE Autopilot
AnswerA

Anthos Service Mesh (based on Istio) provides advanced traffic management including header-based routing, canary deployments, and traffic splitting.

Why this answer

GKE provides traffic management through Kubernetes Ingress with custom resource definitions like the Multi-Cluster Ingress or using Service Mesh. However, for traffic splitting based on headers, the GKE Ingress alone doesn't support it. GKE supports Service Mesh (Anthos Service Mesh) which uses Istio to provide advanced traffic routing, including header-based routing and canary deployments.

GKE Autopilot is a mode, not a traffic management feature. Node pools are for compute resources.

991
MCQeasy

A user wants to store a database password that will be used by a Compute Engine instance. What is the most secure and manageable approach?

A.Use Secret Manager and grant the instance's service account access to the secret
B.Set the password as an environment variable in instance metadata
C.Store the password in Cloud Storage bucket metadata
D.Store the password in a file on the instance's boot disk
AnswerA

Secret Manager is the recommended way to store secrets with fine-grained access control.

Why this answer

Secret Manager is the most secure and manageable approach because it provides encrypted storage, automatic rotation, and fine-grained access control via IAM. By granting the Compute Engine instance's service account access to the secret, the password is never exposed in plaintext metadata, logs, or disk files, and access can be audited and revoked independently of the instance lifecycle.

Exam trap

Google Cloud often tests the misconception that instance metadata is a secure place for secrets because it is 'internal' to the project, but in reality, metadata is accessible to any process on the instance and is logged, making it unsuitable for sensitive data.

How to eliminate wrong answers

Option B is wrong because setting the password as an environment variable in instance metadata exposes it in the metadata server, which can be accessed by any process on the instance or via the metadata API, and it is logged in Cloud Audit Logs. Option C is wrong because Cloud Storage bucket metadata is not designed for secrets; it is unencrypted at rest by default, accessible via the Storage API, and lacks IAM-level access control for individual metadata entries. Option D is wrong because storing the password in a file on the instance's boot disk persists the secret in the filesystem, making it vulnerable to snapshot exports, disk cloning, and unauthorized OS-level access, and it cannot be centrally managed or rotated.

992
Multi-Selecthard

A company wants to implement a disaster recovery strategy for a critical application running on Compute Engine with state stored on persistent disks. They need an RTO of less than 15 minutes and an RPO of less than 1 hour. Which TWO steps should they take? (Choose two.)

Select 2 answers
A.Set up scheduled snapshots to a multi-regional Cloud Storage bucket
B.Use Cloud DNS with a failover policy
C.Use regional persistent disks for the application data
D.Create a managed instance group with health checks and auto-healing across multiple zones
E.Configure a global HTTP(S) load balancer in front of the application
AnswersC, D

Regional PDs synchronously replicate data across zones, enabling RPO under 1 hour.

Why this answer

Regional persistent disks replicate data synchronously across zones, providing low RPO. A managed instance group with a health check and auto-healing enables fast failover for low RTO. Snapshots have higher RPO.

Cloud DNS is for DNS failover, not for compute failover. Global load balancer is for traffic distribution, not stateful failover.

993
MCQmedium

A company uses Google Cloud Armor to protect their HTTP load balancer from OWASP Top 10 attacks. After deploying a security policy with pre-configured WAF rules, they notice that some legitimate user requests are being blocked because they match a rule incorrectly. The security team wants to fine-tune the rules to reduce false positives while maintaining strong protection. They also want to evaluate the impact of changes before enforcing them. What should they do?

A.Disable the WAF rules entirely and implement IP-based allowlists.
B.Set the WAF rules to 'preview' mode to test their impact without blocking traffic, then adjust thresholds or exclusions based on logs.
C.Add a higher priority allow rule to permit the traffic that is being incorrectly blocked.
D.Remove the WAF rules and rely solely on rate limiting to protect the application.
AnswerB

Preview mode allows safe testing of rule modifications without disrupting legitimate traffic.

Why this answer

Option A is correct because Cloud Armor allows setting a rule to 'preview' mode, which logs matched requests without blocking them. This enables analysis of rule effectiveness before enforcement. Option B is wrong because adding a higher priority allow rule could bypass security.

Option C is wrong because rate limiting does not address WAF false positives. Option D is wrong because disabling WAF removes protection entirely.

994
MCQmedium

Your company uses HA VPN to connect on-premises to Google Cloud. You need to ensure the VPN connection meets a 99.99% SLA. Which configuration is required?

A.A single Cloud VPN gateway with two tunnels to the same on-premises peer gateway.
B.Two Cloud VPN gateways in the same region, each with one tunnel.
C.One Cloud VPN gateway with four tunnels to the same on-premises peer gateway.
D.Two Cloud VPN gateways in different regions, each with two tunnels to the same on-premises peer gateway.
AnswerD

This configuration provides redundancy and meets the 99.99% SLA.

Why this answer

HA VPN provides 99.99% SLA when configured with two Cloud VPN gateways (one per region) and two tunnels per gateway (four tunnels total) from each gateway to the on-premises peer gateway. Each gateway uses a different external IP. A single VPN gateway with two tunnels does not meet the SLA requirement because the gateway itself is a single point of failure.

995
MCQmedium

A company hosts a web application on Google Kubernetes Engine (GKE) and wants to protect against SQL injection attacks. Which service should they configure?

A.Identity-Aware Proxy (IAP)
B.Cloud Armor
C.Cloud Audit Logs
D.Container Analysis
AnswerB

Cloud Armor provides WAF capabilities to block SQL injection.

Why this answer

Cloud Armor with WAF rules can block SQL injection. Option B is for identity. Option C is for container scanning.

Option D is for audit logs.

996
Multi-Selecthard

A global financial services company needs to store transaction data with strong consistency across multiple regions, low latency (single-digit milliseconds), and the ability to scale writes horizontally. They also require SQL query capabilities. Which TWO database services meet these requirements?

Select 1 answer
A.Firestore
B.Cloud Spanner
C.AlloyDB
D.Cloud Bigtable
E.Cloud SQL for PostgreSQL
AnswersB

Spanner is globally distributed, strongly consistent, horizontally scalable, with SQL support and low latency.

Why this answer

Cloud Spanner is the only Google Cloud database that provides globally distributed, strongly consistent, horizontally scalable SQL with single-digit millisecond latency. Cloud SQL is regional and cannot span multiple regions. Bigtable is eventually consistent and does not support SQL.

Firestore is a NoSQL document database with eventual consistency for multi-region. AlloyDB is regional, not global.

997
MCQeasy

A company wants to run a containerized application that scales down to zero when not in use and only incurs costs when requests are being processed. They do not want to manage infrastructure. Which compute service should they use?

A.Cloud Functions
B.Compute Engine
C.Cloud Run
D.Google Kubernetes Engine (GKE) Standard
AnswerC

Cloud Run is serverless, scales to zero, and charges only for request processing time.

Why this answer

Cloud Run is a fully managed serverless container platform that scales to zero and charges only for resources used during request processing. GKE Autopilot manages infrastructure but does not scale to zero (has a minimum node). Cloud Functions scales to zero but is for functions, not containers.

Compute Engine always has running VMs.

998
MCQhard

Refer to the exhibit. An engineer created an instance with a startup script that references a Cloud Storage bucket. The instance boots but the startup script fails. What is the most likely cause?

A.The Cloud Storage bucket 'my-bucket' does not exist or the object 'startup.sh' is missing.
B.The startup script is not executable.
C.The instance does not have the appropriate IAM permissions to read from Cloud Storage.
D.The instance has no network connectivity to access Cloud Storage.
AnswerA

The error 'Could not find resource' indicates the bucket or object does not exist.

Why this answer

The error message indicates that the startup script cannot find the resource at gs://my-bucket/startup.sh. This could be because the bucket does not exist, the object does not exist, or the instance does not have permission to access the bucket. Given that the bucket is named 'my-bucket', it's likely that the bucket does not exist or the name is incorrect.

999
MCQeasy

A startup uses Cloud Functions with a Pub/Sub trigger to process incoming orders. They notice that the function sometimes fails to process messages, and those messages are lost. What is the most likely cause?

A.The subscription has an ackDeadlineSeconds of 600.
B.The Cloud Function has a timeout of 540 seconds.
C.The Pub/Sub topic has a retention duration of 10 minutes.
D.The Cloud Function is configured with retry on failure set to false.
AnswerD

If retry is disabled, failed messages are dropped.

Why this answer

Option D is correct because when a Cloud Function fails to process a Pub/Sub message and retry on failure is set to false, the message is not redelivered. Pub/Sub relies on the subscriber (the Cloud Function) to acknowledge messages; without retries, a failed execution causes the message to be dropped after the ack deadline expires, leading to message loss.

Exam trap

The trap here is that candidates often confuse the Cloud Function's timeout setting with message delivery guarantees, overlooking that the retry on failure flag is the critical control for preventing message loss in Pub/Sub-triggered functions.

How to eliminate wrong answers

Option A is wrong because a longer ackDeadlineSeconds (600 seconds) gives the function more time to process messages, reducing the chance of premature timeout and message loss, not causing it. Option B is wrong because a Cloud Function timeout of 540 seconds is generous and would not cause message loss unless the function consistently exceeds it; the default timeout is 60 seconds, so 540 seconds is actually a mitigation, not a cause. Option C is wrong because a topic retention duration of 10 minutes means messages that are not acknowledged are retained for 10 minutes before being discarded, which is a reasonable duration and does not cause immediate loss; the issue is about the function failing to process, not the topic discarding messages too quickly.

1000
MCQeasy

A developer wants to monitor the CPU usage of a single Compute Engine VM and receive alerts when it exceeds 80%. What is the simplest way to achieve this?

A.Query the Compute Engine API periodically and check CPU usage.
B.Configure a Cloud Logging sink to BigQuery and set a scheduled query to detect high CPU.
C.Install the Cloud Monitoring agent and create an alerting policy based on the metric 'cpu.utilization'.
D.Use the managed instance group's autoscaling metric to trigger a notification.
AnswerC

The Monitoring agent collects CPU utilization from the OS and sends it to Cloud Monitoring, where you can set alerts.

Why this answer

Option C is correct because the Cloud Monitoring agent (formerly Stackdriver agent) collects CPU utilization metrics from Compute Engine VMs and sends them to Cloud Monitoring. You can then create an alerting policy directly on the metric 'cpu.utilization' with a threshold of 80% without any custom scripting or additional infrastructure. This is the simplest and most native approach for a single VM.

Exam trap

Google Cloud often tests the misconception that you need to export logs to BigQuery or query APIs manually, when in fact the Cloud Monitoring agent provides a built-in, agent-based metric that can be alerted on directly.

How to eliminate wrong answers

Option A is wrong because periodically querying the Compute Engine API for CPU usage is inefficient, requires custom code, and does not provide real-time alerting; the API does not expose high-frequency CPU metrics natively. Option B is wrong because exporting logs to BigQuery and running scheduled queries adds unnecessary complexity, latency, and cost; Cloud Logging sinks are for log data, not for real-time metric-based alerting. Option D is wrong because managed instance group autoscaling metrics are designed for scaling groups of VMs, not for alerting on a single VM's CPU usage; they do not trigger notifications directly.

Page 13

Page 14 of 14