One of the most important actions to secure a web server from common threats is to regularly update and patch the server software. This includes the operating system, the web server software, the database software, and any other applications or frameworks that run on the server. Updating and patching the server software can fix known vulnerabilities, bugs, or errors that could be exploited by attackers to compromise the server or the website. Failing to update and patch the server software can expose the server to common attacks, such as SQL injection, cross-site scripting, remote code execution, denial-of-service, etc.
Installing a web application firewall, limiting the number of concurrent connections to the server, and encrypting the company's website with SSL/TLS are also good practices to secure a web server, but they are not as critical as updating and patching the server software. A web application firewall can filter and block malicious requests, but it cannot prevent attacks that exploit unpatched vulnerabilities in the server software.
Limiting the number of concurrent connections to the server can prevent overload and improve performance, but it cannot stop attackers from sending malicious requests or payloads. Encrypting the company's website with SSL/TLS can protect the data in transit between the server and the client, but it cannot protect the data at rest on the server or prevent attacks that target the server itself.
Therefore, the priority action to secure a web server from common threats is to regularly update and patch the server software.
References:
Web Server Security- Beginner's Guide - Astra Security Blog
Top 10 Web Server Security Best Practices | Liquid Web
21 Server Security Tips & Best Practices To Secure Your Server - phoenixNAP

The protocol that you would recommend to the team to achieve the secure exchange of the symmetric key is the Diffie-Hellman protocol. The Diffie-Hellman protocol is a key agreement protocol that allows two or more parties to establish a shared secret key over an unsecured communication channel, without having to exchange the key itself. The Diffie-Hellman protocol works as follows12:
* The parties agree on a large prime number p and a generator g, which are public parameters that can be known by anyone.
* Each party chooses a random private number a or b, which are kept secret from anyone else.
* Each party computes a public value A or B, by raising g to the power of a or b modulo p, i.e., A = g^a mod p and B = g^b mod p.
* Each party sends their public value A or B to the other party over the unsecured channel.
* Each party computes the shared secret key K, by raising the received public value to the power of their own private number modulo p, i.e., K = A^b mod p = B^a mod p.
* The parties can now use the shared secret key K to encrypt and decrypt the data using a symmetric key encryption algorithm, such as AES or 3DES.
The Diffie-Hellman protocol can ensure the secure exchange of the symmetric key because it relies on the mathematical difficulty of computing discrete logarithms, which means that it is hard to find the private numbers a or b given the public values A or B, g, and p. Therefore, an attacker who intercepts the public values A or B cannot easily compute the shared secret key K, and thus cannot decrypt the data encrypted with K12.
The other options are not as appropriate as option B for the following reasons:
* A. Implementing SSL certificates on your company's web servers: This option is not relevant because SSL certificates are not used to exchange symmetric keys, but to authenticate the identity of the web servers and to establish a secure connection using public key encryption. SSL certificates are digital certificates that contain the public key and the identity information of the web server, and are issued and signed by a trusted certificate authority (CA). When a client connects to a web server, the web server sends its SSL certificate to the client, who verifies it with the CA. If the verification is successful, the client and the web server use the public key in the certificate to exchange a symmetric key, which is then used to encrypt and decrypt the data. However, this option does not address the scenario of transmitting data over an unsecured communication channel, which may not involve web servers or SSL certificates34.
* C. Switching all data transmission to the HTTPS protocol: This option is not sufficient because HTTPS protocol is not a protocol for exchanging symmetric keys, but a protocol for securing web traffic using SSL or TLS encryption. HTTPS protocol is a combination of HTTP protocol and SSL or TLS protocol, which means that it uses HTTP for the application layer communication and SSL or TLS for the transport layer encryption. When a client requests a web page from a web server using HTTPS protocol, the client and the web server establish a secure connection using SSL or TLS protocol, which involves the exchange of SSL certificates and a symmetric key, as explained in option A. Then, the client and the web server use the symmetric key to encrypt and decrypt the HTTP data. However, this option does not address the scenario of transmitting data over an unsecured communication channel, which may not involve web servers or HTTPS protocol5 .
* D. Utilizing SSH for secure remote logins to the servers: This option is not applicable because SSH is not a protocol for exchanging symmetric keys, but a protocol for securing remote access to servers using public key authentication and encryption. SSH is a protocol that allows a client to securely connect to a server and execute commands or transfer files over an encrypted channel. SSH uses public key cryptography to authenticate the identity of the server and the client, and to exchange a symmetric key, which is then used to encrypt and decrypt the data. However, this option does not address the scenario of transmitting data over an unsecured communication channel, which may not involve remote logins or SSH protocol .
References:
1: Diffie-Hellman key exchange - Wikipedia
2: Diffie-Hellman Key Exchange - an overview | ScienceDirect Topics
3: SSL Certificate - an overview | ScienceDirect Topics
4: What is an SSL Certificate? | DigiCert.com
5: HTTPS - Wikipedia
6: What is HTTPS? | Cloudflare
7: SSH (Secure Shell) - Wikipedia
8: What is SSH? | SSH.COM

This phase having the hacker uses different techniques and tools to realize maximum data from the system.
they're -* Password cracking - Methods like Bruteforce, dictionary attack, rule-based attack, rainbow table are used. Bruteforce is trying all combinations of the password. Dictionary attack is trying an inventory of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares with pre-computed hash values until a match is discovered.* Password attacks - Passive attacks like wire sniffing, replay attack. Active online attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering and dumpster diving.

CEH v13 explains that multi-vector DDoS attacks, especially those combining volumetric reflection (DNS amplification) with application-layer exhaustion (Slowloris), require multi-layered mitigation. Standard firewalls and IPS devices cannot handle large-scale distributed attacks without causing collateral damage to legitimate traffic. CEH emphasizes the need for hybrid DDoS protection, combining on-premises appliances for real-time local filtering with cloud-based scrubbing centers capable of absorbing massive volumetric floods. Cloud scrubbing removes malicious traffic upstream, while on-prem devices mitigate application-layer anomalies. Increasing bandwidth (Option A) is ineffective against reflection attacks. IPS (Option B) cannot handle Slowloris-style partial requests at scale. Blocking all external DNS/HTTP (Option C) would deny service to legitimate users. The correct CEH-aligned solution is hybrid DDoS mitigation services.