312-50V13 · Question #383
312-50V13 Question #383: Real Exam Question with Answer & Explanation
The correct answer is D: msfencode.
Question
Which Metasploit Framework tool can help a penetration tester evade antivirus systems?
Options
- A. msfpayload
- B. msfcli
- C. msfd
- D. msfencode
Explanation
msfencode – AV Evasion in Metasploit
msfencode is correct because it encodes/obfuscates shellcode and payloads, transforming them into formats that can bypass signature-based antivirus detection - for example, using encoders like shikata_ga_nai to scramble the payload's byte pattern while preserving its functionality.
Why the distractors are wrong:
- msfpayload (A) is used to generate payloads (e.g., reverse shells), but by itself produces raw, easily detectable code without encoding
- msfcli (B) is a command-line interface for launching Metasploit modules directly from the terminal - it's an interface tool, not an encoding utility
- msfd (C) is the Metasploit daemon that allows multiple clients to connect to a shared Framework instance - a networking/management tool unrelated to AV evasion
💡 Memory Tip: Think of the "encode" in msfencode - just like encoding a secret message to hide it from prying eyes, msfencode hides payloads from AV scanners. Also note that in modern Metasploit, msfencode and msfpayload were merged into msfvenom, but for exam purposes, the AV-evasion tool is msfencode.