Version 4.1 - 4.5 Packet Filtering
Packet filtering is yet another vague and expansive topic on the blueprint. But let's try to figure out what they're pointing at here. Mainly, "packet filtering" refers to ACLs. Remember the old packet filtering firewalls? All they did was list a bunch of rules - and if the packet matched a rule, it was either permitted or denied (based on the rule). If it matched no rules, it hit the implicit deny at the end of the ACL.
In the last section, I noted that IDS/IPS relies on packets not being spoofed. Packet filtering in front of those devices would seek to remove any spoofed packets prior to analysis by the IDS/IPS. It's part of the layered security concept. One of the things that packet filters are good for is tossing out the low-hanging fruit. Any traffic that is obviously not allowed should be filtered prior to content filtering and packet inspection (the next section). If your IDS/IPS or firewall is overwhelmed with bogus traffic, it might either perform poorly or miss traffic.
The Cisco site on ACLs has extensive documentation on this. You should probably already know quite a bit about access lists if you are studying for this exam. Things you may want to brush up on (or be aware of) include the "fragments" keyword [to check non-initial fragments]. You may also want to be aware of what any line of any possible ACL does and doesn't include. Yeah, this is a tall order, isn't it? There's no way to actually "prepare" for that except by reading and experience. INE actually has a 3-hour video on "Access-Lists: Beyond the Basic and Extended" that you might want to watch. With a lot of ACL experience, I think I'm good on this one. But the thing I have to remember is that when you get any question with an ACL, slow down! Look at the ACL closely - and see if the traffic would match or not. Then remember the implicit deny at the end.
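To practice the "slow down and walk the ACL" habit, here is an added example (not from the original post): a first-match evaluator for a subset of IOS extended-ACL syntax, covering `any`, `host`, address plus wildcard mask, and an optional numeric `eq` destination port. The sample ACL, the addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample ACL (documentation addresses), IOS extended-ACL style.
SAMPLE_ACL = """\
deny ip 10.0.0.0 0.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit tcp any host 203.0.113.10 eq 443
permit udp any host 203.0.113.53 eq 53
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume one address spec from the token list; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse_acl(text):
    """Parse 'action proto src dst [eq port]' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line.strip()))
    return rules

def _hit(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return (_ip(addr) & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF)

def evaluate(rules, proto, src, dst, dport=None):
    """Walk the ACL top to bottom; the first matching line decides."""
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if r_proto not in ("ip", proto):
            continue
        if not (_hit(src, r_src) and _hit(dst, r_dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, line
    return "deny", "implicit deny"  # nothing matched: the unwritten last line
```

Note that a packet from a spoofed 10.x source to the permitted web server is dropped by the first line even though a later `permit` would also match, and traffic that matches no line at all (for example TCP port 80 to the same server) falls through to the implicit deny.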
For this section, I think of the edge devices and what ACLs they should have. I also think of the old packet filtering firewalls and how they operated. The O'Reilly book on "Cisco IOS Access Lists" is also a really good book to read. It's a bit dated (published in 2001), but if you do not come from a networking background, you may find this helpful. Being an O'Reilly book, you can also find this on Safari.
I'm not going to milk this section. Although listed as a separate topic, it's mainly ingrained in the rest of the topics.