🔥 3-day streak
Professional Cloud DevOps Engineer15 / 165
Question 15 of 165
Your platform team runs a single Cloud Build project that hosts triggers for dozens of application repositories. Currently all triggers execute using the default Cloud Build service account, which has broad Editor-level permissions across the project. A security audit flags this as excessive: a compromised build for one low-privilege app could push images and deploy to resources belonging to other teams. You must reduce blast radius while keeping each pipeline able to perform only the actions it needs. What should you do?
Reviewed for accuracy · Report an issueNext question