
Version 4.1 - 5.1.a Firewall Functionality

This section covers "general" questions about the ASA. I would not count on many (if any) questions on this one. But everything is fair game, so take a good look at Cisco's ASA page. The main idea can be found under "Cisco ASA Product and Solution Overview" in the ASA book:


"The Cisco ASA 5500 Series Adaptive Security Appliances integrate firewall, IPS, and VPN capabilities, providing an all-in-one solution for your network. Incorporating all these solutions into Cisco ASA secures the network without the need for extra overlay equipment or network alterations."

The main idea here is that the firewall is integrated with other services to provide a complete solution. Note that the ASA book was written a while ago and covers the old ASA 5500 Series; the "new" NGFWs are the 5500-X Series.

The X-Series uses 64-bit processors versus the 32-bit processors used previously. The X-Series also integrates with cloud-based services (Cloud Web Security) and uses software licensing to enable additional services. Previously, you had to add a hardware module to get IPS functionality on your ASA; now this is just a licensing difference. Take a look at the ASA comparison page. The 5500s required an AIP-SSM for IPS functionality, while the X-Series are the "Cisco ASA with FirePOWER Services" NGFWs.

Of course, you could have a separate IPS such as the Cisco IPS 4500 Series Sensors, and you will be tested on this for the exam (see sections 5.3 and 5.4). But these devices are end of sale (EOS) and end of life (EOL). This is one of the major frustrations about the security field: things come and go so quickly. So how do you study for a test in a field that is constantly changing? You don't know if you have to know the old stuff or the new stuff. But again, anything is fair game - so your best bet is to at least be familiar with both.

Know that the AIP-SSM modules are Adaptive Inspection and Prevention Security Services Modules - basically, IPS. There are also 4GE-SSMs, which provide four Gigabit Ethernet ports. You can use the copper RJ-45 ports or the four SFP ports, and you can mix and match fiber and copper, but you only get four active ports total out of this module. There is also the CSC-SSM module, which provides an all-in-one content management solution (it runs Trend Micro InterScan software). Note that the AIP-SSM and CSC-SSM modules are EOL and EOS.

Even in the NGFWs, the FirePOWER module (IPS) runs as a separate application from the ASA. It can be managed by the FMC (Firepower Management Center) or from within ASDM, depending on the model.

Another good book that updates the ASA book is "Cisco Next-Generation Security Solutions", which covers ASA FirePOWER Services, NGIPS, and AMP. You should read both books for section 5.
