Which security measure can be used to protect servers from DDoS attacks?

Implementing rate limiting to control request frequency is an effective security measure against DDoS attacks because it helps to manage the amount of traffic that a server will accept at any given time. DDoS attacks often involve overwhelming a server with a large volume of requests in a short period, with the intention of exhausting its resources and causing a denial of service to legitimate users. By setting limits on how often a single user or IP address can make requests to the server, rate limiting can effectively reduce the impact of these attacks. It allows a server to maintain some level of service availability by preventing excessive traffic from any single source, which is key in mitigating the effects of malicious request flooding typically seen in DDoS scenarios.

Other options, while they may provide security benefits in different contexts, do not directly address the nature of DDoS threats as effectively as rate limiting does. For instance, using a firewall to block all incoming traffic would effectively shut down server accessibility altogether, which is not practical for legitimate users. Deploying antivirus software primarily protects endpoints from malware and does not prevent DDoS attacks directed at server resources. Regular password changes enhance user account security but do not mitigate the impact of high-volume traffic associated with DDoS threats.