Given a Linux machine running only an SSH server, which chain of alarms would be most concerning?
A.
brute force login attempt from outside of the network, followed by an internal network scan
B.
root login attempt followed by brute force login attempt
C.
Microsoft RPC attack against the server
D.
multiple rapid login attempts