Security audit team may want to disallow "Unlisted File extensions" in IIS for NFA Console.
To configure at the server level using the IIS Manager GUI:
1. Open Internet Information Services (IIS) Manager
2. In the Connections pane, select the server
3. In the Home pane, double-click Request Filtering
4. Click Edit Feature Settings... in the Actions pane
5. Under the General section, uncheck Allow unlisted file name extensions