-Tor Browser is configured for maximum privacy out of the box, and requires very minimal configuration (all you should really change is the security slider).
-Tor Browser is bundled with HTTPS Everywhere and NoScript. HTTPS Everywhere upgrades insecure HTTP connections to HTTPS, and NoScript can block unwanted JavaScript/executable content from loading, or to block it entirely. It also prevents security exploits like cross site scripting (XSS) and clickjacking.
Tor exit nodes don't keep logs on your browsing activities due to the way the Tor network works.
With Tor, your traffic is routed through three consecutive nodes. The first node is the one your computer communicates with, and the last one is the one facing the site.
The first node (the entry node) can see your IP address but can't see who you're communicating with. The last node (the exit node) can see where your traffic is directed, but can't see your IP address. In order to de-anonymize a user (assuming he/she isn't using an onion service) you would have to gain control of an entry node and an exit node. It's unlikely your Tor Browser will build a circuit (a series of nodes) that has both a malicious entry and exit node in it.
All traffic between Tor nodes is encrypted, and only the exit node can see your traffic in plaintext.
This isn't a major concern though, since (most) websites use HTTPS. Therefore, unless you're browsing a plain HTTP site, the exit node can't snoop on your data.