Memotiva CISSP Flashcards: Security Assessment, Penetration Testing, Vulnerability Management

What is the difference between a vulnerability assessment and a penetration test?

Nortren

A vulnerability assessment identifies, quantifies, and prioritizes security weaknesses in systems and networks using automated scanning tools. It produces a comprehensive list of vulnerabilities with severity ratings but does not attempt to exploit them. A penetration test goes further by actively exploiting discovered vulnerabilities to determine what an attacker could actually achieve, including lateral movement and data exfiltration. Vulnerability assessments are broader in scope and conducted more frequently, while penetration tests are deeper, more targeted, and conducted less often.
csrc.nist.gov