Which of the following activities identifies but does not exploit vulnerabilities?

Penetration testing, or pen testing, is an active evaluation method where security experts simulate attacks to identify vulnerabilities in a system. Unlike static analysis, penetration tests involve actively exploiting these vulnerabilities to assess the impact and test the effectiveness of existing security controls.

Dynamic analysis involves evaluating software during runtime to detect vulnerabilities that may manifest under specific conditions. This method typically involves executing the software and monitoring its behavior to identify potential weaknesses, making it an active approach that differs from the passive nature of identifying but not exploiting vulnerabilities.

Bug bounty programs incentivize security researchers and ethical hackers to discover and report vulnerabilities in software or systems. These programs encourage the active identification and exploitation of vulnerabilities, with rewards offered for responsibly disclosing these security issues to the organization.