To get more people answering your question, resurfacing an old one is not the best way to go
Marketo sync's with SFDC using an SFDC user. so you can use SFDC right management to enable Marketo to see records or on the contrary to hide some. This will be done in SFDC using either roles and/or sharing rules.
There is another solution, though which is known as sync filtering. You can ask support to set up a filter to authorize or prevent lead and or contact sync based on some SFDC field values. I wrote a few blog posts on this a while ago: