I don't see why your poll has the same question twice (would've been better with a yes or no poll), but yes, you can use burp or paros, as they won't automatically give you root like Metasploit with e.g., Armitage can do  

Sometimes, you have to use an intercepting proxy to perform specific types of web application attacks, and the spider function is just to help you find available files to perhaps play with.
(You still have to use other tools or do it manually afterward, and don't rely 100% on the tools in case they fail, because they can do that a lot when it comes to filters and e.g., unusual SQL Injection.)

Tamper Data in FireFox, is much like an intercepting proxy too except that it doesn't have a spider function as far as I know, but you can definitely use that.

An intercepting proxy is not really cheating, as it allows you to intercept and modify requests, before they're sent, which is useful for e.g., modifying headers. If you didn't use an intercepting proxy of some sort, you would have to e.g., capture the traffic in Wireshark and write scripts in perhaps Python with custom headers, in case a header was an injection point.

About the actual exam, it'll most likely be like a blackbox pentest just as described on the website. You will get more info about this, when you do the actual exam.

Yes there's a huge value in doing the exam, whether you pass it or not. If you don't pass, you will (hopefully) know where to improve (as I did with OSCE), and become even better. You will also learn how to work under stress during a pentest, and to manage your time the best you're able to. 

yes, it is allowed...the only restrictions are on metasploit and other (automated) pwntools like canvas...good luck!