ARM Cheat Sheet 2026

The 30 highest-yield ARM facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

50 questions
65 min time limit
70.00% to pass
  1. The Board of Directors' primary role in strategic risk management is to: Provide oversight and ensure risk management aligns with organizational strategy
  2. How does risk assessment support decision-making? By identifying and prioritizing threats.
  3. In strategic risk management, 'risk tolerance' refers to: The acceptable variation in outcomes relative to stated objectives
  4. Risk appetite in strategic risk management is best defined as: The amount and type of risk an organization is willing to accept pursuing its objectives
  5. What is the primary goal of risk control? Reducing risk likelihood and impact.
  6. In business continuity planning, 'Recovery Point Objective' (RPO) refers to: The acceptable amount of data loss measured in time
  7. Which type of risk assessment involves evaluating past data and trends? Quantitative risk assessment.
  8. How does risk transfer help organizations manage risk? By shifting financial responsibility to another entity.
  9. What is the primary purpose of risk-related regulations? To ensure businesses comply with legal frameworks.
  10. Which analysis tool assesses an organization's internal strengths and weaknesses alongside external opportunities and threats? SWOT analysis
  11. What is the primary objective of a Business Continuity Plan (BCP)? To ensure critical business functions can continue during and after a disruption
  12. 'Risk culture' within an organization is most accurately described as: The shared values, beliefs, and behaviors that shape how risk is managed
  13. Which of the following is an example of a risk mitigation strategy? Installing fire alarms and safety systems.
  14. What is a key component of an effective risk control program? Continuously monitoring and updating mitigation strategies.
  15. What is the primary purpose of risk financing? To provide funding for potential losses.
  16. Interest rate risk primarily affects an organization by: Changing the market value of fixed-income assets and the cost of variable-rate debt
  17. Which component of a business continuity program tests and validates the effectiveness of continuity plans? Plan exercises and testing
  18. Collateral in credit risk management serves primarily to: Provide the lender with an asset claim to recover losses if the borrower defaults
  19. How does risk pooling benefit insurance companies? By distributing risk among multiple policyholders.
  20. What is the significance of compliance in risk management? Ensuring adherence to laws and regulations.
  21. What is the primary benefit of insurance in risk financing? Providing financial protection against losses.
  22. A 'warm site' in disaster recovery differs from a hot site in that it: Requires some setup and activation time but has essential infrastructure already in place
  23. Reputational risk is best classified as: A strategic risk that can impact stakeholder relationships and organizational value
  24. According to the NIST Risk Management Framework (RMF), what is the first step an organization should take when managing information security risk? Categorize the information and the system based on its criticality and sensitivity.
  25. Credit derivatives such as credit default swaps (CDS) are primarily used to: Transfer credit risk from one party to another without transferring the underlying asset
  26. Value at Risk (VaR) is a statistical measure that estimates: The expected loss over a given time horizon at a specified confidence level
  27. A company's 'Maximum Tolerable Period of Disruption' (MTPD) refers to: The maximum time a business function can be disrupted before it causes irreversible harm
  28. How do privacy laws impact risk management? They require secure handling of personal data.
  29. Which of the following is a primary advantage of using a captive insurer for risk financing? Increased control over claims management and customized coverage design
  30. Which international standard provides guidance on business continuity management systems? ISO 22301
Turn these facts into recall: