Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture logs, the analysts notice the following:

Which of the following occurred?


A. A buffer overflow was exploited to gain unauthorized access.
B. The user's account was compromised, and an attacker changed the login credentials.
C. An attacker used a pass-the-hash attack to gain access.
D. An insider threat with username smithJA logged in to the account.