Let us assume you are managing a Linux server supporting an
Ecommerce website. Let us also assume that you have secured the server.
You removed telnet from all servers and installed the more secure ssh.
Let us say that the firewall configuration is as follows

conduit permit tcp host 192.168.5.10 eq 80 any
conduit permit tcp host 192.168.5.10 eq 443 any
conduit permit tcp host 192.168.5.10 eq 22 any

Suppose if a lower level tech calls you up at the middle of the night at
your home and says that he cannot ssh into one of the servers. Now you
try to log into the server from home using ssh, the first time you type
the passwd, it asks passwd again. You think you mistyped it and type
again. Now you are allowed into the server. What are the steps you will
take to make sure that the server is fine.

2)Suppose you figure out from the firewall logs that the webserver was
attacked from outside over port 22 and then used to connect an outside
server, what could be the most likely attack or vulnerability the
attacker used to compromise the webserver? What clues can you get from
your first attempts to log into the server using ssh? Where does this
clue point to? What will be your next course of action? What else you
could have done to prevent such an attack? Please answer all the
questions raised under this scenario.

copy'n'pastin your homework

Which book were you supposed to read that has the answers. I'd like to have a look at it

Per the LQ Rules, Do not expect LQ members to do your homework - you will learn much more by doing it yourself.
http://www.linuxquestions.org/rules.php