How should the Architect ensure that object-level security is enforced within a custom Visualforce application that uses a standard Apex controller on the Lead object?

What feature in Salesforce is needed to restrict access to a custom object that has Public Read/Write access?

Cosmic Circle Financial uses the Contact object to store customer information. A Text Area (Long) field has been created on the object by an administrator to store demographic data. Whenever a new contact is created, the data in this field should be transmitted to an external service provider for the purpose of data collection and analysis. In order to comply with regulatory requirements, it is necessary to encrypt this field at rest and in transit. Which of the following can be used for this requirement?Choose 1 answer.

To grant Universal Containers sales manager access to shipment records properly, it was necessary to leverage Apex managed sharing. The IT team is worried about improper access to records.
Which two features and best practices should a Salesforce architect recommend to mitigate this risk?

Universal Containers has implemented a community for its customers using the Customer Community sense type. They have implemented a custom object to store service requests that has a look up to the account record. The Organization Wide Default External Access for the service request object is set to Private. Universal Containers wants their customers to be able to see service requests for their account through the community Customers should not see service requests for other accounts. What Salesforce feature can the Architect use to implement this?