System hardening should implement which key principle?

The principle of least privilege or access control is a cornerstone of system hardening strategies. By implementing this principle, users and systems are granted only the minimum levels of access necessary to perform their functions. This reduces the potential impact of a security breach, as it limits the ability of an attacker who gains access to a system.

For instance, if a user only requires read access to a specific database, granting them write access increases risk unnecessarily. By ensuring that every user or process operates with the least amount of privilege necessary, the attack surface is minimized, making it more challenging for unauthorized users to exploit vulnerabilities.

Within this context, the other options do not align with best practices for system security. Maximum access for all users would significantly increase risk, as it would allow any user to manipulate critical systems or data. Complete open access to all systems would completely undermine security protocols, leaving the system vulnerable to attacks. Using default configurations often leaves systems exposed to known vulnerabilities, as these configurations may not adequately protect against threats and can be easily exploited by malicious actors.