Which two statements are true about penetration tests and vulnerability assessments? (Choose two.)

The two statements that are true about penetration tests and vulnerability assessments are:

1. A penetration test is an intrusive test that attempts to exploit vulnerabilities: Penetration tests are active and intrusive assessments designed to simulate real-world attacks by actively attempting to exploit vulnerabilities in a controlled manner.
2. A vulnerability assessment is a nonintrusive test that attempts to discover vulnerabilities: Vulnerability assessments are nonintrusive and passive tests that focus on identifying vulnerabilities, misconfigurations, and weaknesses without actively attempting to exploit or compromise systems.

The statement “No permission is required before conducting a vulnerability assessment and penetration test” is not true. Permission and proper authorization are crucial before conducting both vulnerability assessments and penetration tests to ensure the organization is aware of and consents to the testing, and to avoid any potential legal or operational issues. Unauthorized testing can lead to disruptions and legal consequences.