More on the Anonymous User Group
Anyone who visits the site and is not logged in belongs to the Anonymous User Group.
You can edit the User Group by navigating to the top menu item Security » Access Controls, User Groups tab. Then right-click on the Anonymous User Group's name and select "Update User Group".
What Can Anonymous Users Do?
By default, Anonymous Users are granted Load Only permissions in every Context except the "mgr" Context. Without Load Only permissions, requests to the Context would result in a 404 Page Not Found response.
Load Only permissions doesn't necessarily mean they can View the Resource (see below).
For example, if you create a Resource Group and grant access permissions to a specific User Group, the Anonymous User Group won't be able to access that Resource Group at all. This is the basis of Creating Member Only Pages.
401 vs 404 Response on Protected Pages
When you create protected Resource Groups, the Anonymous User Group won't have Load permissions on it by default - they will get a 404 Page Not Found response. If you want them to see a 401 Unauthorized response instead, you have to grant the Anonymous User Group access to the Resource Group with Load Only permissions.
You can do this in the Resource Group Access tab of the Anonymous User Group editing page.
Click on "Add Resource Group", select the protected Resource Group in the dropdown, select the Context in which you want to grant access (don't select the "mgr" context) and choose Load Only as the Access Policy. Click "Save" and you're done.
They still will not be able to view the Resources in that protected Resource Group - they will only be able to "Load" it, and get a 401 response. You can specify a Resource ID to serve as a custom Unauthorized page by using the Unauthorized Page System Setting.