Comprehensive and Detailed Explanation (paraphrased, aligned to N10-009):

An evil twin is a malicious wireless access point that impersonates a legitimate SSID. Once victims connect, the attacker can intercept and manipulate traffic, performing an on-path (man-in-the-middle) attack—capturing credentials, injecting content, or downgrading encryption.

B. DDoS overwhelms services with traffic; it’s not the typical follow-on from clients joining a rogue AP.

C. ARP spoofing is another way to become on-path on wired segments, but with an evil twin, the wireless association itself enables the on-path position.

D. Phishing is social engineering; while an evil twin could be used to present fake portals, the primary technical posture after connection is on-path.

References (CompTIA Network+ N10-009):

Domain: Network Security — Wireless threats (rogue APs/evil twins), traffic interception, on-path attacks.

===========