A security analyst has noticed an alert from the

SIEM. A workstation is repeatedly trying to connect to port 445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?

A. Malware has infected the workstation

and is beaconing out to the specific IP address of the file server.

B. The file server is attempting to transfer malware to the workstation via SMB.

C. An attacker has gained control of the workstation and is attempting to pivot to the file server by crea

ting an SMB session.

D. An attacker has gained control of the workstation and is port scanning the network.