At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed
read/write access to the backend database of a financial company. At 10:45 a.m. the security
administrator received multiple alerts from the company’s statistical anomaly-based IDS about a
company database administrator performing unusual transactions. At 10:55 a.m. the security
administrator resets the database administrator’s password.
At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual
transactions from the same user. Which of the following is MOST likely the cause of the alerts?

A.
The IDS logs are compromised.

B.
The new password was compromised.

C.
An input validation error has occurred.

D.
A race condition has occurred.