The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.
Solution: The statement is false

Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?
Solution: Yes, an Okta Application Integration Agent

Whenever you make an API call, you will then get back:
Solution: Okta events under '/events' endpoint

As an Okta admin, when you implement IWA, you have to know how to successfully test it to see if it's working. For this you:
Solution: Paste into a browser configured for DSSO the IWA redirect URL along with '/authenticated.aspx' after it, hit 'Enter' and check the message returned

Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: You can do this with both policy types mentioned