A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization`s accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used? 

Answer options:

A. Man-in-the-middle
B. Spear phishing
C. Evil twin
D. DNS poisoning

D