(1) The 'must' gives it away, you don't have to use REVERT or another EXECUTE AS statement to change your context back.

(3) If you're an sa, you can impersonate a user with Execute As User, hence #3 is wrong - a member of the sysadmin role can use database level impersonation.

(4) "Explicitly Defined" in terms of executing as a Login or User - Execute As Login gives you impersonation at the server level, i.e. all databases, Execute As User gives you impersonation at the database only level, you can't switch to another database.

This one was pretty clear-cut ...