Which statement best describes ARP poisoning?

ARP poisoning, also called ARP spoofing, targets the Address Resolution Protocol used on a local network to translate IP addresses to MAC addresses. Hosts keep an ARP cache that maps each IP to a MAC, but ARP has no built-in authentication. Because of that, an attacker can send forged ARP replies (even unsolicited ones) to convince devices that a particular IP is associated with the attacker's MAC address, such as the gateway. Once the mapping is poisoned, traffic intended for that IP is sent to the attacker, enabling interception, modification, or disruption. This description matches the idea of sending fake ARP replies to associate IPs with wrong MAC addresses. It’s not about encrypting ARP traffic, changing IPs via DHCP, or a routing protocol vulnerability, since ARP poisoning deals with local IP-to-MAC mappings, not encryption, DHCP, or routing protocols.