1. On  Employee Central Portal, only the most recent published version of each knowledge article should be visible - For this, I see only recent published version is available on the portal. From where, I can validate this if this is OOB feature available?

2. Version history for each knowledge article will be available on the ServiceNow backend view (restrict access certain groups) - 

checked in the system, found this script include 'KBKnowledgeSNC' . How can I restrict version history for certain defined groups?

canRead: function(knowledgeGR) {

        // Case1: User has passed in a new legacy record, so do not give them permission to read this record (Let existing legacy ACLs handle this instead)
        if (knowledgeGR.isNewRecord())
            return this.canCreate();

        // Case2: User has passed in an existing legacy record, so do not give them permission to read this record (Let existing legacy ACLs handle this instead)
        if (!this.isRecordVersion3(knowledgeGR))
            return false;

        // Case3: User has knowledge_admin role, so give them permission to read this record
        if (this.isAdminUser(knowledgeGR))
            return true;

        // Case4: User is knowledge base owner, so give them permission to read this record
        if (this.isKnowledgeBaseOwner(knowledgeGR, this.PATH_TO_OWNER))
            return true;

        // Case5: User is knowledge base manager, so give them permission to read this record
        if (this.isKnowledgeBaseManager(knowledgeGR, this.PATH_TO_MANAGERS))
            return true;

        if(this.isVersioningInstalled() && this.isMemberOfValidGroup(knowledgeGR,this.OWNERSHIP_GROUP))
            return true;

        //PRB752684 Fix
        //If article is not published or outdated additional roles may be required to view the article based on
        //property values and state of the article.

        // Case6: If user can only read from the knowledge base, show them published and outdated kb_knowledge
        if (this.safeExecute(this._knowledgeHelper.canRead, knowledgeGR)) {
            if((knowledgeGR.workflow_state == "published" || 
            knowledgeGR.workflow_state == "outdated"  || this.safeExecute(this._knowledgeHelper.canReadUnpublished, knowledgeGR))){
                // Use role based security on article if property is set to true
                var useRoleBasedSecurity = gs.getProperty("glide.knowman.search.apply_role_based_security", true);
                if(useRoleBasedSecurity == "true" && !knowledgeGR.roles.nil() && knowledgeGR.roles != ""){
                    return gs.hasRole(knowledgeGR.roles);
                }
                return true;
            }
        }
        else {
            if(gs.getProperty("glide.knowman.apply_article_read_criteria", "false") == "true")
                return false;
        }

        // Case7: If the user can contribute to the knowledge base allow them to read the knowledge record
        if (this.safeExecute(this._knowledgeHelper.canContribute, knowledgeGR))
            return true;    

        // Default: User should NOT be given permission to read this record
        return false;
    },