Universal Containers has requirement to integrate Salesforce with an external system to control record access.
What option should the Architect consider when designing a solution?

For the Universal Containers Commercial and Consumer support departments, having access to Activities for Contacts with which they interact is important. Commercial support users should not see Consumer Accounts/Contacts and Consumer support users should not see Commercial Accounts/Contacts. Assuming the Organization-Wide Default for Activities is set to "Controlled by Parent" what is the minimum level of Sharing access a support user would need to Accounts/Contacts to view associated Activities?

The system administrator of Cosmic Solutions recently created a custom profile for sales users that allows them to view and edit the records of a custom object called 'Shipment'. There are more than 100 sales users in the company. The Sales Director has now informed the administrator that five of those users should not be able to edit any Shipment records. What should a Solution Architect recommend for the requirement?Choose 1 answer.

What is the security vulnerability in the following code snippet?
<apex:form>
<apex:commandButton rerender="outputIt" value="Update It"/>
<apex:inputText value="{ !myTextField}"/>
</apex:form>
<apex:outputPanel id="outputIt">
Value of myTextField is <apex:outputText value="{!myTextField}" escape="false"/>
</apex:outputPanel>

Universal Containers has implemented a community for its customers using the Customer Community sense type. They have implemented a custom object to store service requests that has a look up to the account record.
The Organization Wide Default External Access for the service request object is set to Private. Universal Containers wants their customers to be able to see service requests for their account through the community Customers should not see service requests for other accounts. What Salesforce feature can the Architect use to implement this?