To protect an IIS webserver from Cross-Site Scripting (XSS) attacks, using the Anti-XSS library from Microsoft is an effective action. This library is specifically designed to encode potentially dangerous input to prevent script injection, addressing the core of XSS vulnerabilities. Two-factor authentication, random elements in session cookies, and application whitelisting, while beneficial for overall security, do not directly address or mitigate XSS attacks.