Explanation
The network administrator is noticing a web attack that attempts to access the /etc/shadow file on a Linux web server. The /etc/shadow file contains the encrypted passwords of all users on the system and is a common target for attackers. The attack uses a technique called directory traversal, which exploits a vulnerability in the web application that allows an attacker to access files or directories outside of the intended scope by manipulating the file path.
Validating the server input and appending the input to the base directory path would be the best action for the network administrator to take to defend against this type of web attack, because it would:
Check the user input for any errors, malicious data, or unexpected values before processing it by the web application.
Prevent directory traversal by ensuring that the user input is always relative to the base directory path of the web application, and not absolute to the root directory of the web server.
Deny access to any files or directories that are not part of the web application's scope or functionality.

Establishing one-way trust from Company B to Company A would allow users from Company B to access Company A's resources using their existing credentials. Implementing attribute-based access control would allow users to have different sets of rights and privileges based on their attributes, such as department and IP address. Verified Reference:
https://www.cloudflare.com/learning/access-management/what-is-sso/
https://frontegg.com/blog/a-complete-guide-to-implementing-single-sign-on
https://learn.microsoft.com/en-us/host-integration-server/esso/enterprise-single-sign-on-basics

Explanation
OCSP stapling and HSTS are the best options to meet the requirements of reducing the risk of on-path attacks and implementing stronger digital trust. OCSP stapling allows the social media servers to improve TLS performance by sending a signed certificate status along with the certificate, eliminating the need for the client to contact the CA separately. HSTS allows the social media servers to inform the client to only use HTTPS and prevent downgrade attacks.