CPF.EXE is the user interface for the firewall - this is what you see when you open CPF. CMDAGENT.EXE is, I believe the portion of CPF that applies the Network, Application and Component Monitor rules. Both of these are necessary but even with these shut down, INSPECT.SYS is still running. INSPECT.SYS is the kernel level driver that performs Stateful Packet Inspection, so you’re still covered.
Memory usage will vary from installation to installation, depending upon the O/S environment and the rule sets in place. While CPF may not be the smallest (in terms of memory footprint) but it has improved remarkably over the past few versions. Others may be smaller, bit IMHO there is none better.