I agree in priciple w/ your comments. A "good admin" should never surf the internet. But the point of turning on all those settings is to mitigate any potenial security leaks while still keeping basic functionality. Plus adding the ability to remove the security if the admin so desires. Security is by it's very nature a battle between functionality and safety with a delicate balance being redefined continiously.
I felt the presentation was a little cursory overall and stated a lot of obvious and uninteresting points. I wonder how much prep work goes into each of these interviews...both by the interviewer and interviewee