A security analyst is monitoring the network and observes unusual traffic coming from a host on the LAN. Using a network monitoring tool, the analyst observes the following information: Time 12 . 4900001192 . 168 2 . 155 2100 32857 12.490005 192.168.2.155 192.168.2.101 32858 12.490013 192.168.2.155 192.168.2.102 32859 12.490018 192.168.2.155 192.168.2.103 3286O 12. 490022 192.168.2.155 192.168.2.104 32861 12.490024 192.168.2.155 192.168.2.105 32862 12.490028 192.168.2.155 192.168.2.106 32863 12.490029 192.168.2.155 192.168.2.107 32864 12.490035 192.168.2.155 192.168.2.108 32865 12490037 | 192 . 168 . 2 . 155 | 192-168 . 2 . 109 3266 IP Src IP Dst Src Port Dst PortProtocol 192.168 445 445 445 445 445 445 445 445 445 445 SMBvl SMBv1 SMBvl SMBy1 SMBvl SMBvl 1 SMBv1 SMBvl SMBv1 After ten seconds, some of the computers shown in the IP Dst field start to exhibit the same behavior and immediately make multiple outbound connection attempts. Based on this observed behavior, which of the following is the MOST likely cause? Users are running port scans on the network. A malicious host is performing a MITM attack. An amplified DDoS attack is in progress. A worm is attacking the network. A race condition is being leveraged B. D