To ensure that only the record owner and the administrator have access to a custom object with Private sharing settings, which two options should be chosen?

To secure a custom object with Private sharing settings so that only the record owner and the administrator can access it, disabling "Grant Access Using Hierarchies" is essential. When this feature is turned off, it prevents higher roles in the role hierarchy from inheriting access to records owned by users in lower roles. As a result, only direct record owners and administrators will have visibility, aligning perfectly with the requirement to restrict access.

By default, private sharing settings allow access for users who fall into higher roles in the hierarchy, so turning off this setting effectively enforces a strict access protocol, ensuring that only specific individuals—the owners and the admin—can view or interact with the records in question.

Other options like disabling "Create" or "Read" permissions for all other profiles do not directly address visibility concerns. Similarly, disabling "View All" permission affects a broader access structure rather than limiting it strictly to the owner and administrator, which may inadvertently influence other operational capabilities across the organization. Thus, the best approach to meet the requirement for limiting access while adhering to private sharing settings is to disable "Grant Access Using Hierarchies."