The server log shows 25 SSH login sessions per hour. However, it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?
A.
Change management
B.
Code review
C.
Baseline reporting
D.
Security policy