Which type of security assessment aims to identify vulnerabilities through active testing of systems?

Prepare for the FedVTE Cyber Risk Management Test. Practice with flashcards and multiple choice questions, each with hints and explanations. Be ready for your exam!

A penetration test, commonly known as a pentest, is designed to actively test systems for vulnerabilities by simulating an attack. During a pentest, security professionals attempt to exploit weaknesses in a system's defenses, providing a clear picture of how an attacker might gain unauthorized access or cause damage. This assessment not only identifies vulnerabilities but also evaluates the effectiveness of existing security measures, allowing organizations to address those vulnerabilities before they can be exploited maliciously.

In contrast, audits typically focus on reviewing policies, procedures, and controls to ensure compliance with regulations and best practices rather than actively testing systems. A risk assessment takes a broader approach, identifying potential risks and their impacts without necessarily performing active testing. Compliance checks ensure that an organization adheres to specific mandates or standards but also do not involve the same level of active testing that a pentest does. Therefore, the primary characteristic that distinguishes a pentest is its focus on actively probing for vulnerabilities in systems, making it the correct choice for this question.
