What is the difference between a vulnerability scan and a penetration test?
Security+ Flashcards: Vulnerability Management, Scanning, Patching, Hardening
Nortren
A vulnerability scan is an automated process that identifies potential weaknesses without attempting exploitation, producing a list of vulnerabilities ranked by severity. It is broad, fast, and safe to run frequently. A penetration test is a manual, targeted effort where skilled testers actively exploit vulnerabilities to determine what an attacker could actually accomplish, including data access and lateral movement. Penetration tests are deeper but narrower in scope, more expensive, and carry some risk of system disruption.
csrc.nist.gov