The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system’s features and data. Additionally, it identifies strengths that enable a full risk assessment to be completed