Which of the following type of attacks exploits the trust that a website has for an authenticated user to attack that website by spoofing requests from the trusted user?

Cross-site request forgery (XSRF or CSRF) sends fake requests to a website that purports to be from a trusted, authenticated user. Cross-site scripting (XSS) exploits the trust the user has for the website and embeds scripts into that website. Bluejacking is a Bluetooth attack. Nothing in this scenario requires or describes an evil twin, which is an attack that uses a malicious access point that duplicates a legitimate AP.