(I hope you know the difference between vulnerability and exploitation.)
Vulnerability Assessment (or VA) is a process of finding the security flaws in an application, network and system. There are many tools which are used in assessing the vulnerabilities are like Nessus, Nexpose, OpenVAS etc,
On the other hand, Penetration Testing (or Pen Test or PT) is all about exploiting the loopholes or security vulnerabilities present in the network, application and system.
Together it is called as VAPT, it allows enterprise to know there security weaknesses and apply patches accordingly, so that the real attacker or Hacker cannot do any damage to the organisation.