Genuineness of Application Pentest On Jailbroken iOS Device

Generally iOS Security assessments (a.k.a penetration testing) are targeting applications running on an iOS device and not the Operating System/platform itself (which has already been subjected to a large number of assessments).

In order to effectively assess the security of an application running on iOS a jailbroken device is needed as debugging and examining the application code and runtime behaviour is difficult without access to the underlying OS.

Most security assessment companies keep a stock of Jailbroken devices, pretty much for this purpose.

Edit to address your added question. I think replication on a non-jailbroken device would depend on the issue at hand. As an example a security issue with an application might be that it stores sensitive data such as credentials in clear text. Now on it's own this may not be exploitable, but it's still bad security practice. Most security assessments I've seen would show evidence of the problem but wouldn't necessarily require replication on a non-jailbroken device every time.