The filter will pick up all OU's under Global in the list.
Even if you set a deny filter on the OU for read in AD, User accounts inherently have read access which would override this at the OU level.

There's a few ways you could accomplish your goal though:
Make a LDAP OU definition for each OU you want to scan, to the highest level, without including the OU you don't want
Use a transform map to just ignore any record coming from that OU (May be the best idea)

In regards to your generic filter, short answer, yes.
This filter will look at all objects classified as "person" and not computer where the sn (surname) field is * and samaccountname (username) is *, essentially, yes this will import everything under the Global OU

Here's a handy LDAP reference site pertaining to AD
http://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx

Let me know if you need any further info and I'll be glad to help