For your first question, yes, R80.40 management can manage R80.30 firewalls, and the firewalls won't care. All management versions can manage a few earlier firewall versions. I think R80.40 management can manage back to R77, which is something like eight years of backwards compatibility.
With a jumbo HFA (patch bundle), management versions can also manage some newer firewall versions. For example, I have an R80.20 management server managing some R80.40 firewalls. You're limited to application features of the lowest version (so in my case, R80.20), but you can use OS-level features of the new version (such as the new kernel and userspace, new filesystem, etc.)
As for question 2, that's roughly how most cluster upgrades go. The installation and upgrade guide has a few. Minimal Effort Upgrade involves an outage window where you shut both members down, upgrade them, then bring them both online at the new version. Zero Downtime Upgrade involves upgrading one member, flipping over to it (which will cause loss of ongoing connections; R80.30 and R80.40 firewalls can't sync normally), testing, then upgrading the other. Multi-Version Cluster Upgrade involves explicitly telling the upgraded cluster member to sync with the older version, which allows ongoing connections to survive the failover with some limitations.