Star topology is a type of physical network design where each computer in the network is
connected to a central device, called hub, through an unshielded twisted-pair (UTP) wire. Signals
from the sending computer go to the hub and are then transmitted to all the computers in the
network. Since each workstation has a separate connection to the hub, it is easy to troubleshoot.
Currently, it is the most popular topology used for networks.
Star Topology:

ECCouncil 312-38 Exam
Answer option A is incorrect. Mesh network topology is a type of physical network design where all devices in a network are connected to each other with many redundant connections. It provides multiple paths for the data traveling on the network to reach its destination. Mesh topology also provides redundancy in the network. It employs the full mesh and partial mesh methods to connect devices. In a full mesh topology network, each computer is connected to all the other computers. In a partial mesh topology network, some of the computers are connected to all the computers, whereas some are connected to only those computers with which they frequently exchange data. Mesh Topology: Answer option D is incorrect. Bus topology is a type of physical network design where all computers in the network are connected through a single coaxial cable known as bus. This topology uses minimum cabling and is therefore, the simplest and least expensive topology for small networks. In this topology, 50 ohm terminators terminate both ends of the network. A Bus topology network is difficult to troubleshoot, as a break or problem at any point along the cable can cause the entire network to go down. Bus Topology:

ECCouncil 312-38 Exam

Answer option C is incorrect. Ring topology is a type of physical network design where all computers in the network are connected in a closed loop. Each computer or device in a Ring topology network acts as a repeater. It transmits data by passing a token around the network in order to prevent the collision of data between two computers that want to send messages at the same time. If a token is free, the computer waiting to send data takes it, attaches the data and destination address to the token, and sends it. When the token reaches its destination computer, the data is copied. Then, the token gets back to the originator. The originator finds that the message has been copied and received and removes the message from the token. Now, the token is free and can be used by the other computers in the network to send data. In this topology, if one computer fails, the entire network goes down. Ring Topology:

ECCouncil 312-38 Exam

John is performing cookie poisoning. In cookie poisoning, an attacker modifies the value of cookies before sending them back to the server. On modifying the cookie values, an attacker can log in to any other user account and can perform identity theft. The following figure explains how cookie poisoning occurs:

For example:
The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values:
ItemID1= 2
ItemPrice1=900
ItemID2=1
ItemPrice2=200
Modified cookie values:
ItemID1= 2
ItemPrice1=1
ItemID2=1
ItemPrice2=1
Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price.
Another use of a Cookie Poisoning attack is to pretend to be another user after changing the username in the cookie values:
Original cookie values:
LoggedIn= True
Username = Mark
Modified cookie values:
LoggedIn= True
Username = Admin
Now, after modifying the cookie values, the attacker can do the admin login.
Answer option D is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site.
When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks require the execution of client- side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, sessions hijacking, etc.