Refer to the exhibit. A developer is configuring Cloud Build to build a Docker image from a Cloud Source Repository. The build fails with a permission error. What is the most likely reason?
Cloud Build needs source.reader to read the repository.
Why this answer
The build fails with a permission error because the Cloud Build service account does not have the `roles/source.reader` role on the Cloud Source Repository. Without this role, the service account cannot read the source code from the repository, which is required to trigger the build. The error is not about building permissions but about accessing the source.
Exam trap
Cisco often tests the distinction between build execution permissions (roles/cloudbuild.builds.builder) and source access permissions (roles/source.reader), leading candidates to incorrectly choose the builder role when the actual error is about reading the source repository.
How to eliminate wrong answers
Option A is wrong because the `roles/cloudbuild.builds.builder` role is required for executing builds, but the error here is a permission error related to accessing the source repository, not a lack of build execution permissions. Option C is wrong because a build trigger is not required for a manual build from a Cloud Source Repository; the build can be started directly via the API or gcloud command. Option D is wrong because the `source` field is not mandatory in a build config file; the source can be specified in the build trigger or API call, and its absence would cause a different error (e.g., 'source not specified'), not a permission error.