CompTIA Security+ Question M-9

A commercial cyber-threat intelligence organization observes Indicators of Compromise (IOCs) across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

A. perform attribution to specific APTs and nation-state actors.
B. anonymize any Personally Identifiable Information (PII) that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.

Answer: B