300-215 · Question #86
300-215 Question #86: Real Exam Question with Answer & Explanation
The correct answer is A: hex encoding. Hex Encoding Explanation Hex encoding (option A) is correct because the obfuscated script in the exhibit contains sequences of characters using only the digits 0-9 and letters A-F, which is the hallmark of hexadecimal encoding. Malicious scripts commonly use hex encoding (e.g., \
Question
Refer to the exhibit. Which encoding method is used to obfuscate the script?
Options
- Ahex encoding
- Bmetamorphic encoding
- CASCII85 encoding
- DBase64 encoding
Explanation
Hex Encoding Explanation
Hex encoding (option A) is correct because the obfuscated script in the exhibit contains sequences of characters using only the digits 0-9 and letters A-F, which is the hallmark of hexadecimal encoding. Malicious scripts commonly use hex encoding (e.g., \x41\x42\x43) to represent ASCII characters and evade signature-based detection.
Why the distractors are wrong:
- B (Metamorphic encoding) is not actually an encoding method - metamorphic refers to malware that rewrites its own code to avoid detection, making it a malware type, not an obfuscation encoding scheme.
- C (ASCII85) uses a set of 85 printable ASCII characters and produces longer, more varied character strings with symbols like
~>as delimiters, which would be visually distinct from hex output. - D (Base64) produces output using letters (A-Z, a-z), numbers (0-9),
+,/, and=padding - you would see mixed case letters and symbols, which differs from the limited hex character set shown.
💡 Memory Tip: Think "Hex = 0-9 + A-F only." If the encoded string looks like pairs of those characters (especially prefixed with
\xor%), it's hex encoding. Base64 gives away itself with mixed case and=signs at the end.
Topics
Community Discussion
No community discussion yet for this question.