A penetration test is a more advanced test and is usually goal-oriented. For example, you may have an internet-facing web server hosting confidential data, and the penetration tester's objective is to attempt to compromise that data. The purpose of the penetration test is to simulate a real-life attack, conducted by ethical hackers who play the role of an internal or external threat actor. Most penetration tests include a vulnerability assessment as the first step, but go beyond identifying vulnerabilities to determine whether those vulnerabilities are exploitable. Most penetration tests involve both automated and manual efforts to achieve the goal.
Penetration tests can be performed internally or externally. An external test simulates an attacker on the outside trying to get in. An internal test simulates an attacker who has gained physical access to your environment, or who has compromised a user’s computer and/or credentials (i.e. via social engineering), in order to gain access to sensitive data or to perform nefarious acts. It can also simulate a rogue employee looking to gain additional unauthorized access to information or data, or to potentially cause harm.