What is the relationship between an exploit and a payload in Metasploit?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

What is the relationship between an exploit and a payload in Metasploit?

Explanation:
In Metasploit, an exploit is the piece that takes advantage of a vulnerability in the target to gain the ability to run code on the system. The payload is the actual code that gets executed on that system once the exploit succeeds. So the exploit triggers the vulnerability and delivers the payload, and the payload defines what you want to happen after access is gained (for example, a reverse shell, a Meterpreter session, or other actions). You can pair the same exploit with different payloads to achieve different outcomes.

That’s why the correct description is that an exploit takes advantage of a vulnerability to run a payload on the target. The other statements don’t fit: a payload is not a vulnerability, an exploit and a payload are not the same thing, and a payload isn’t inherently used just to enumerate users.
