What type of attack involves a rogue wireless access point to inject malicious HTML code?

This question tests how an attacker can place themselves between a user and the network to control what the user sees and sends. A rogue wireless access point is a classic setup for a man-in-the-middle attack because the attacker’s AP sits in the path of the victim’s traffic. The user connects to the attacker’s AP, and while the traffic still goes toward the real network, the attacker can inspect and alter it in transit. That means the attacker can inject malicious HTML into web pages the user loads, effectively delivering malicious code through the intercepted connection. Phishing relies on tricking the user into revealing information rather than intercepting and altering traffic. Denial of Service aims to disrupt service availability, not inject content. Spoofing involves impersonating another entity, which can help set up a deceptive scenario, but the key ability to inject HTML into the content seen by the user comes from the attacker being in the middle of the communication, i.e., a man-in-the-middle attack.