While a school district is performing state testing, a security analyst notices that all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?

Shadow IT refers to the use of unauthorized applications or devices within an organization, often without the knowledge of IT departments. While shadow IT can pose significant security risks, it is not directly associated with ARP poisoning, which requires intentional manipulation of network protocols rather than simply using unapproved technology.

Credential stuffing is a cyber attack where stolen username and password pairs are used to gain unauthorized access to accounts. This method does not relate to ARP poisoning, as it targets user accounts and online services rather than manipulating network traffic or addressing local network vulnerabilities.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol designed to prevent email spoofing. A DMARC failure pertains to issues in email security and has no direct relevance to ARP poisoning, which impacts local network communications rather than email integrity.