Which of the following properly describes penetration testing?

Which of the following properly describes penetration testing?

A.
Penetration tests are generally used to scan the network and identify open ports.

B.
Penetration tests are generally used to map the network and grab banners.

C.
Penetration tests are generally used to exploit a weakness without permission and show how an attacker might compromise a system.

D.
Penetration tests are generally used to demonstrate a weakness in a system and then provide documentation on the weakness.