ARM Cheat Sheet 2026
The 30 highest-yield ARM facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
50 questions
65 min time limit
70.00% to pass
- The Board of Directors' primary role in strategic risk management is to: → Provide oversight and ensure risk management aligns with organizational strategy
- How does risk assessment support decision-making? → By identifying and prioritizing threats.
- In strategic risk management, 'risk tolerance' refers to: → The acceptable variation in outcomes relative to stated objectives
- Risk appetite in strategic risk management is best defined as: → The amount and type of risk an organization is willing to accept pursuing its objectives
- What is the primary goal of risk control? → Reducing risk likelihood and impact.
- In business continuity planning, 'Recovery Point Objective' (RPO) refers to: → The acceptable amount of data loss measured in time
- Which type of risk assessment involves evaluating past data and trends? → Quantitative risk assessment.
- How does risk transfer help organizations manage risk? → By shifting financial responsibility to another entity.
- What is the primary purpose of risk-related regulations? → To ensure businesses comply with legal frameworks.
- Which analysis tool assesses an organization's internal strengths and weaknesses alongside external opportunities and threats? → SWOT analysis
- What is the primary objective of a Business Continuity Plan (BCP)? → To ensure critical business functions can continue during and after a disruption
- 'Risk culture' within an organization is most accurately described as: → The shared values, beliefs, and behaviors that shape how risk is managed
- Which of the following is an example of a risk mitigation strategy? → Installing fire alarms and safety systems.
- What is a key component of an effective risk control program? → Continuously monitoring and updating mitigation strategies.
- What is the primary purpose of risk financing? → To provide funding for potential losses.
- Interest rate risk primarily affects an organization by: → Changing the market value of fixed-income assets and the cost of variable-rate debt
- Which component of a business continuity program tests and validates the effectiveness of continuity plans? → Plan exercises and testing
- Collateral in credit risk management serves primarily to: → Provide the lender with an asset claim to recover losses if the borrower defaults
- How does risk pooling benefit insurance companies? → By distributing risk among multiple policyholders.
- What is the significance of compliance in risk management? → Ensuring adherence to laws and regulations.
- What is the primary benefit of insurance in risk financing? → Providing financial protection against losses.
- A 'warm site' in disaster recovery differs from a hot site in that it: → Requires some setup and activation time but has essential infrastructure already in place
- Reputational risk is best classified as: → A strategic risk that can impact stakeholder relationships and organizational value
- According to the NIST Risk Management Framework (RMF), what is the first step an organization should take when managing information security risk? → Categorize the information and the system based on its criticality and sensitivity.
- Credit derivatives such as credit default swaps (CDS) are primarily used to: → Transfer credit risk from one party to another without transferring the underlying asset
- Value at Risk (VaR) is a statistical measure that estimates: → The expected loss over a given time horizon at a specified confidence level
- A company's 'Maximum Tolerable Period of Disruption' (MTPD) refers to: → The maximum time a business function can be disrupted before it causes irreversible harm
- How do privacy laws impact risk management? → They require secure handling of personal data.
- Which of the following is a primary advantage of using a captive insurer for risk financing? → Increased control over claims management and customized coverage design
- Which international standard provides guidance on business continuity management systems? → ISO 22301
Turn these facts into recall: