Which of the following statements is true about external org-wide defaults?

The statement that external org-wide defaults must be equal to or more restrictive than internal defaults is accurate because Salesforce enforces a security model where external users' access cannot exceed the access granted to internal users. This means that if internal org-wide defaults are set to a certain level of visibility and access, external org-wide defaults must be set to the same level or be more restrictive to maintain data privacy and security. This ensures that sensitive information is appropriately protected when shared externally, reflecting Salesforce's commitment to safeguarding data integrity and confidentiality.

This principle is crucial for organizations that engage with external stakeholders, as it helps to manage user access effectively while adhering to internal security policies. Therefore, companies must consider their internal settings carefully when configuring external access to ensure compliance with their data governance strategies.