Yes, your understanding is correct. However, the CDN tells the browsers to load the file from browser cache (by sending a 304 status), so you should be able to see the cache being used. There’s probably an ongoing bug where that’s not always working; you can read more about it here:
About the latter, you can indeed use cache-busting techniques like changing the file name or sending a query parameter, but that would just ask the browsers to look for the file again. In our CDN, the same file would be cached and served.
About instant cache invalidation, yes, we’re majorly talking about removing the cache at our CDN (as that’s the one we can control), and since we ask the browsers to check for the file every time, we can always serve the latest content as long as our CDN has the latest one.