CEH v13 describes relay attacks as credential forwarding techniques where attackers trick systems into authenticating to malicious servers, capturing hashes, and relaying them to privileged services. The described scenario aligns exactly with the PetitPotam attack, a known MS-EFSRPC abuse method that forces Windows domain controllers to perform NTLM authentication to attacker-controlled hosts. CEH discusses how relay attacks combined with Active Directory Certificate Services (AD CS) misconfigurations can allow attackers to request privileged certificates, effectively gaining domain administrator privileges without cracking hashes or accessing LSASS. CRIME (Option B) targets TLS compression and is unrelated. Browser token theft (Option C) applies to web sessions, not domain controllers. Session donation (Option D) is not part of Windows authentication hijacking. Thus, the scenario clearly represents a PetitPotam NTLM relay attack.

https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)
An evil twin attack is a hack attack in which a hacker sets up a fake Wi-Fi network that looks like a legitimate access point to steal victims' sensitive details. Most often, the victims of such attacks are ordinary people like you and me.
The attack can be performed as a man-in-the-middle (MITM) attack. The fake Wi-Fi access point is used to eavesdrop on users and steal their login credentials or other sensitive information. Because the hacker owns the equipment being used, the victim will have no idea that the hacker might be intercepting things like bank transactions.
An evil twin access point can also be used in a phishing scam. In this type of attack, victims will connect to the evil twin and will be lured to a phishing site. It will prompt them to enter their sensitive data, such as their login details. These, of course, will be sent straight to the hacker. Once the hacker gets them, they might simply disconnect the victim and show that the server is temporarily unavailable.
ADDITION: It may not seem obvious what happened. The problem is in the question statement. The attackers were not Alice and John, who were able to connect to the network without a password, but on the contrary, they were attacked and forced to connect to a fake network, and not to the real network belonging to Jane.

CEH training emphasizes that highly tailored social engineering attacks-those exploiting trust in internal workflows and perceived technical authority-are far more effective than generic or mass-distributed phishing attempts. A fake IT support portal that mirrors internal systems leverages procedural familiarity: IT departments commonly instruct employees to log into support portals for troubleshooting, credential verification, or ticket updates. When the attacker enhances the pretext with insider terminology and references to real internal systems, employees are more likely to trust the portal and enter credentials. CEH highlights that successful social engineering attacks mimic legitimate processes to avoid suspicion. Phone calls posing as executives often introduce risk due to real-time interaction and scrutiny. Generic phishing lacks personalization and is easily detected. Physical impersonation introduces operational risk and may not yield credentials. Therefore, a fake IT support portal aligned with IT workflows is the optimal method.

A Gray Hat hacker operates between ethical (White Hat) and unethical (Black Hat) behavior. They might break into systems without permission but without malicious intent, often reporting vulnerabilities afterward.
They perform both offensive and defensive activities.
# Reference - CEH v13 Official Study Guide, Module 1: Introduction to Ethical Hacking
"Gray Hat hackers may violate ethical standards but not necessarily for personal or financial gain. They typically operate without malicious intent."
# Incorrect options:
A). White Hats are ethical hackers.
B). Suicide Hackers attack without regard for being caught.
D). Black Hats are malicious hackers.

aLTEr attacks are usually performed on LTE devices Attacker installs a virtual (fake) communication tower between two authentic endpoints intending to mislead the victim This virtual tower is used to interrupt the data transmission between the user and real tower attempting to hijack the active session.
https://alter-attack.net/media/breaking_lte_on_layer_two.pdf
The new aLTEr attack can be used against nearly all LTE connected endpoints by intercepting traffic and redirecting it to malicious websites together with a particular approach for Apple iOS devices.
This attack works by taking advantage of a style flaw among the LTE network - the information link layer (aka: layer-2) of the LTE network is encrypted with AES-CTR however it's not integrity-protected, that is why an offender will modify the payload.
As a result, the offender is acting a classic man-in-the-middle wherever they're movement as a cell tower to the victim.