What is the best description of the purpose of a penetration test?

Penetration testing aims to reveal how far an attacker could go by simulating real-world attacks against an organization's systems, networks, or applications and attempting to exploit weaknesses in a controlled, authorized engagement. This approach shows not just where flaws exist, but how they're likely to be exploited, the potential impact, and how quickly an attacker could move to sensitive assets. The value lies in turning theoretical vulnerabilities into practical risk assessments, guiding remediation, and testing defenses like detection and response in a realistic scenario. While other activities—like evaluating physical security, measuring performance under load, or checking regulatory compliance—address important aspects of security, they don’t capture the primary objective of proving exploitable weaknesses through active exploitation in a safe, governed test.