To enhance security on a new web server, which action should you take?

Enhancing security on a new web server involves implementing best practices that can help protect the system from unauthorized access and potential threats. Creating a secondary administrator account is a proactive measure to enhance security by ensuring that there are multiple authorized users with administrative privileges. This approach allows for basic redundancy — in case one account is compromised or becomes inaccessible, the other can still maintain administrative control. Additionally, it can help distribute responsibilities across trusted users, reducing the risk of a single point of failure or exploitation.

Using a secondary administrator account can also facilitate better monitoring and accountability. By employing distinct accounts for different administrators, it is easier to track changes and actions taken on the server, thereby enhancing audit capability and minimizing risks associated with administrative access.

The other options do not contribute positively to enhancing the security of a web server. Disabling firewall settings exposes the server to threats from the external network, while limiting access to external networks is a basic security measure but does not directly address internal management. Using single sign-on can improve usability but may not significantly address specific security concerns related to the web server itself.