A Penetration Test is an organized, target, and authorized attack on a system to simulate a realistic attack and find vulnerabilities. This is generally a component of risk management, but is separate from actually fixing the systems and must explain the vulnerabilities to people of a variety of technical skill. Vulnerability analysis includes penetration tests but is generally automated. All testing must be authorized to avoid legal repercussions.
An external penetration test is an attack from outside the system, while an internal test works within the company. Tests can vary in evasiveness to determine when a system can identify an attack.
A Blackbox test involves minimal information required, while a Whitebox gives everything, and a Greybox is in the middle. Penetration is commonly included with general red teaming, which can include physical testing and social engineering, or purple teaming, which works closely with patching the system.
A risk is something bad that could happen, a threat is something bad that is happening, and a vulnerability is something that could lead to a threat.