Custom post type: check permissions and validate nonce

I have a custom post type with the following capabilities:

$capabilities = array(
    'read_post' => 'administrator',
    'read_private_posts' => 'administrator',
    'publish_posts' => 'administrator',
    'edit_post' => 'administrator',
    'edit_posts' => 'administrator',
    'edit_published_posts' => 'administrator',
    'edit_others_posts' => 'administrator',
    'edit_private_posts' => 'administrator',
    'delete_post' => 'administrator',
    'delete_posts' => 'administrator',
    'delete_published_posts' => 'administrator',
    'delete_others_posts' => 'administrator',
    'delete_private_posts' => 'administrator'
);

Do I still need to use something like current_user_can() when saving (via save_post), to validate whether that user has permissions to add or edit a post, or does setting the capabilities take care of that?

Since this is not a custom page in WordPress, but rather a custom post type, do I need to verify the nonce or is this built-in when using a custom post type? I should note that I’m not using any WordPress fields (such as title, body, etc) in that post type. There is one pair of fields that have been added using add_meta_box().

Solutions Collecting From Web of "Custom post type: check permissions and validate nonce"