I got it right, because I know that you have to create a certificate in master to protect the master key - but the question is a bit misleading.
The question says: "You have created a master key already in the master database and in the CRM database".
First, you do not create a master key in the CRM database. The master key is in the master database only. The key in the CRM database is called a "database encryption key" (DEK).
Second, I don't even think it's possible to create the DEK in the CRM database without FIRST creating the certificate. Since you need this certificate when you create the DEK.