An FTP server that permits anonymous login can lead to what primary risk?

• A. Anonymous users downloading sensitive files from the server
• B. Increasing encryption strength of the connection
• C. Automatically auditing user activity
• D. Preventing directory listing

Answer: (A)

Allowing anonymous FTP access creates a situation where anyone can log in without valid credentials. If sensitive files are placed in directories accessible to anonymous users, those files can be downloaded by anyone who gains access, leading to data leakage. This is the primary risk because the absence of strong authentication directly enables unauthorized data access. It doesn’t inherently improve encryption, enable automatic auditing, or prevent directory listing—the risk mainly centers on exposing restricted content to the public. To mitigate, disable anonymous login or tightly restrict what anonymous users can access, enforce proper file permissions, and prefer secure alternatives like SFTP/FTPS.