Yes that is what happens except all the responses are encrypted so for the client to retrieve the instructions from the server it must first decrypt the message that the server sent them to retrieve the unencrypted instructions
it then encrypts those same instructions with a different encryption key and sends it back to the server the server then unencrypts that messsage and checks if the instructions are the same ones that the server originally sent them and if they arent it kicks the client
(And to clear up any future confusion these messages are sent using remote events which would usually be unsecure but with encryption the messages they send to eachother are now secure as the messages are encrypted)