What risk does ARP spoofing introduce?

ARP spoofing undermines local network trust by manipulating how devices learn who owns which IP on the LAN. Since ARP translates IP addresses to MAC addresses, an attacker can send forged ARP replies so that other devices associate the attacker’s MAC with a legitimate IP (often the gateway). This poisons the ARP caches and causes traffic intended for that IP to be sent to the attacker instead, enabling interception, modification, or redirection of traffic. That’s why the key risk is poisoning caches and redirecting traffic, which can lead to man-in-the-middle or sniffing. The other options don’t describe what ARP spoofing does: it doesn’t inherently alter router routing tables to drop packets, it isn’t about a reverse ARP authentication scheme, and it certainly doesn’t improve security via encryption.