What is the primary difference between an intrusive and a nonintrusive vulnerability scan?

An intrusive scan attempts to actively exploit vulnerabilities, and thus could possibly cause some disruption of operations. For this reason, it should be conducted outside normal business hours or in a test environment, if it is used at all. A non-intrusive scan attempts to identify vulnerabilities without exploiting them. A penetration test actually attempts to breach the network by exploiting vulnerabilities. An audit is primarily a document check. Both intrusive and non-intrusive vulnerability scans can be effective at finding vulnerabilities.