John, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should John search for in the log files?
A. Failed authentication attempts
B. Network ping sweeps
C. Host port scans
D. Connections to port 22