Which of the following describes the practice of testing a system's security by simulating an attack?


Penetration testing, often referred to as "pen testing," is a proactive security practice that involves simulating a cyber attack on a system to evaluate its security posture. The objective of penetration testing is to identify and exploit vulnerabilities within a system or network, just as a malicious actor would do. By conducting these tests, organizations can assess the effectiveness of their security measures and discover areas that require improvement before they can be targeted by actual attackers.

This practice typically involves a structured approach, including planning, reconnaissance, scanning, gaining access, maintaining access, and analysis or reporting. The outcome provides valuable insights regarding potential security weaknesses, allowing organizations to make informed decisions on how to strengthen their defenses.

In contrast, vulnerability assessments focus primarily on identifying and cataloging vulnerabilities without actively exploiting them, while risk assessments evaluate the potential threats and impacts but do not simulate an attack. Security auditing involves reviewing and verifying compliance with security policies and standards but doesn't necessarily entail actively exploiting vulnerabilities, as penetration testing does.
