Penetration Test (pentest) and Vulnerability Assessment (VA) are two terms that are often incorrectly used interchangably.
A Vulnerability Assessment is a test of systems designed to identify potential security gaps and misconfigurations that could be used as part of an intrusion or data compromise. The VA is designed to find gaps and and determine the effect that these cyber threats could have on a network, but does not include attempts to actually break in to systems. Think of a vulnerability assessment as the digital equivalent of a burglar casing a building to identify weak security points that can be used to break in at a later time. Vulnerability Assessments are less intrusive and time consuming than penetration testing.
A Penetration Test normally begins with a Vulnerability Assessment and then uses the results to attempt to exploit identified weaknesses in order to judge the likelihood and effectiveness of a particular attack. Pentests are comprehensive and time consuming, but produce the most useful results that can assist an enterprise in identying and remediating legitimate threats to systems and data