Which step is part of enforcing least privilege management?

Enforcing least privilege management involves ensuring that users and systems are granted the minimum levels of access – or permissions – necessary to perform their tasks. Disabling default accounts and settings is a crucial part of this process because default accounts often come with pre-defined privileges that can grant broader access than necessary. By disabling these accounts, or adjusting their permissions to align with least privilege principles, organizations can reduce the risk of unauthorized access or misuse.

While options like engaging in security control testing, developing product concepts, and mocking up real-world environments are important practices in broader security management and system design, they do not directly relate to enforcing the principle of least privilege. Security control testing focuses on evaluating existing controls and their effectiveness, product development deals with the creation of new offerings without specific ties to permissions management, and creating environmental mock-ups is about visualization and planning rather than access control strategies. Thus, disabling default accounts and settings directly supports the goal of minimizing access and maintaining security compliance.