Version 4.1 - 5.2.d Identity-based firewalling
Once again, we run into "identity-based" firewalling on IOS. This section (like the ASA section 5.1.h before it) is something that you should know, but probably shouldn't be on the exam. [Although we all know that obsolete and little-used features sometimes pop up.]
A good section on Identity Firewall goes over some of the concepts included in this section.
I would focus on the key benefits of the Identity Firewall :
•Decoupling network topology from security policies. The rules will apply to a user regardless of where the user connects in the network.
•Simplifying the creation of security policies.
•Providing the ability to easily identify user activities on network resources.
•Simplify user activity monitoring.
Again, this basically integrates Active Directory using an AD agent that provides the actual identity mapping. The AD agent runs on a Windows server.
I wouldn't know this any deeper than a general understanding. I would think that most of the detailed "identity" questions would center around ISE rather than the AD agent and its integration with the firewall.