Which of the following is generally not a risk associated with penetration testing?

In the context of penetration testing, exploitation of vulnerabilities is generally not viewed as a risk in the traditional sense because it is an intended outcome of the testing process itself. Penetration testing aims to identify and exploit vulnerabilities to assess the security posture of a system. The goal is to uncover flaws and weaknesses so they can be addressed and mitigated. Thus, while the act of exploitation may reveal risks, it is not considered a risk that arises from the testing; rather, it is a core part of the testing methodology.

On the other hand, application crashes, denial of service, and data corruption represent potential unintended consequences or risks that could result from a penetration test. Application crashes may occur if the testing process inadvertently triggers a system failure, denial of service can happen if the testing overwhelms the system's resources, and data corruption could arise if the test modifies or disrupts data integrity. These outcomes can lead to operational issues and should be carefully managed during the testing process.