
3 Secret Tips and 8 Proven Ways of Passing the Certified Anti-Money Laundering Specialist (CAMS) Exam!!!

[pullquote]Internationally renowned and accepted, world governments acknowledge the CAMS certification as the gold standard in AML/CTF compliance. – ACAMS[/pullquote]

Are you gearing up for the Certified Anti-Money Laundering Specialist (CAMS) exam? Achieving CAMS certification from the Association of Anti-Money Laundering Specialists (ACAMS) is a significant milestone in the world of financial crime prevention.

The Certified Anti-Money Laundering Specialist (CAMS) certification is a highly sought-after course to kickstart or advance your career in the Anti-Money Laundering and Combating Terrorism Financing sector. If you’re still debating whether CAMS is worth it, the answer is a resounding yes, especially if you’re aiming for a lucrative and respected career as an Anti-Money Laundering Professional. In today’s landscape, regulatory bodies worldwide emphasize anti-money laundering and counter-terrorism measures, recognizing the importance of disrupting the flow of illegal money to combat criminal activities effectively.

This designation carries weight, my friend: it will increase your professional reputation as well as the size of your wallet. The CAMS exam is quite a tough nut to crack, but with proper guidance you can pass it with flying colors.

1. How to Register for the CAMS Exam (SECRET TIP!!!)

This looks obvious: just go to the ACAMS site here and they will set you up. Well, that's one way to go, but we have one tip, and in a minute you will feel fortunate that you found this article. Before doing anything, download the CAMS Candidate Handbook from their official website here.

The Candidate Handbook contains a lot of information, including the syllabus, exam format, exam locations, re-examination policy and so on. After you have gone through the handbook and understood its content, DON'T JUMP TO PURCHASE THE CERTIFICATION YET. Instead, email their contact address: certification@acams.org (but check the email address in the handbook, as it tends to change). In your email, tell them you are interested in taking the CAMS exam. They will then assign you a representative who will give you a call, and you can ask him/her for a discount. More likely than not they will give you a discount if you are paying from your own pocket. This will save you a good deal of money compared with paying directly through the website.


2. Understanding the Objective of CAMS Certification:

Many candidates jump immediately into devouring the CAMS study guide and other reference materials after registering for the CAMS exam, without first understanding what the CAMS designation is all about. Your objective should not be only to PASS the CAMS exam. You need to understand that the CAMS Study Guide gives you information and concepts only. For example, it says that you need to perform a risk assessment and have policies and procedures in your organization. To pass the exam, these concepts may be enough, but not in your job. If you pass the exam but do not know how to design an ECDD form for high-risk customers, or are unable to properly tune transaction monitoring to identify suspicious transactions in your job environment, well, that just leaves a bad taste in your mouth.

So you have to understand this: CAMS certification does not make you the ultimate AML/CFT professional. It is just the beginning of your AML/CFT career. Even ACAMS promotes CAMS as a basic course in anti-money laundering, so merely passing this certificate should not be your goal. We have found that many candidates purchase CAMS dumps to practise as many CAMS-related questions as possible, just to pass the certification. So, do you think they really earned this certification? Therefore, when you study the CAMS study guide, you need to be able to relate its concepts to your day-to-day job. You need to perform a gap analysis and think about how these concepts can truly help improve the AML/CFT posture of your organization.

We have created a comprehensive course, Ultimate Certified Anti Money Laundering Specialist(CAMS) Preparation Zero To Hero Course, which not only helps you pass the CAMS exam but also guides you to become a better AML/CFT expert. We have explained the concepts with practical examples so that you know how these ideas are applied in real life; you won't find them in your CAMS Study Guide. Take a moment to explore our website and unlock a world of valuable information and opportunities. Don't miss out!


“Discover the inspiring journey of a determined candidate who, despite facing multiple setbacks, finally achieved her dream of passing the CAMS exam.”


3. Create a Study Plan:

Whenever you are studying for a difficult certification like the CAMS exam, it is better to lay out a study plan. You first need to determine when you are planning to take the exam. Still NOT sure? After going through the rest of this article, you will be.

First determine how much time you are willing to set aside for study. Consider the following things when crafting your study plan.

  1. It is not a matter of quantity but quality. Studying 1 hour a day with full focus is better than 2 hours with distractions.
  2. Maintain consistency. Whatever you do, unless it is an emergency, find time to study. Even if it is only 15 minutes a day, try to study. Consistency will bring discipline. If it has been a long time since you studied for any kind of exam, this will bring you back on track, slowly and comfortably. We want you to keep this pace even after passing the CAMS exam. When you want a career in AML/CFT, always remember that you need to learn every day, because criminals don't sleep; they are always looking for new ways to launder money and finance terrorism. Therefore, you need to continuously update yourself.
  3. Put away your mobile phone, unless you are studying from it.
  4. Take frequent breaks; you don't need to study until your head hurts. Take a five-minute break after every 20 minutes: listen to music, drink water or your preferred beverage and have fun. We will even go further and suggest that, one day before the exam, after you have reviewed and are well prepared, you watch a heartwarming movie or do any activity that you like. This will relax your nerves. But remember, we only recommend this if you have maintained discipline and followed your study plan by heart.

You can look at this excellent website to create a study plan for yourself.


Top 5 Mistakes to Avoid While Preparing for CAMS Exam

How to Answer Questions in CAMS Exam with High Accuracy? 


4. Resources:

After registration, ACAMS will give you access to the ACAMS Training portal, where you will receive all the materials necessary to pass the exam: CAMS study guides in PDF and audio format, flashcards, and a summary module for each chapter of CAMS. But how to use them is an art. One method is to first scan through the whole study guide once. Then revisit the study guide, this time listening to the audio format simultaneously. It is well known from scientific research that when you use more senses while learning, you understand and retain that knowledge better. In the above case, if you also take notes while reading the guide and listening, you are using all three senses: visual, auditory and feeling. As for the flashcards and summary modules, we suggest you use them at review time only.


The CAMS Study Guide or manual covers generic information in a very concise form. You will not pass by depending only on the CAMS study guide; you need to reference other materials. Besides the study guide, it is highly recommended that you go through the FATF Recommendations and the Wolfsberg Principles as listed in the chapter "International AML/CFT Standards" of the CAMS Study Guide, because most of the content in the study guide is derived from these standards and principles. AML/CFT is a very vast subject, and referring only to the study guide may not be enough to clarify all the ideas mentioned in it. Moreover, you may want to go through the Egmont Group financial analysis cases; this will prepare you for the scenario-based questions that are usually asked in the CAMS study guide.

In our Ultimate Certified Anti Money Laundering Specialist(CAMS) Preparation Zero To Hero Course, we provide you with just enough resources as are needed for your CAMS exam. If you look at "Guidance documents and reference materials" in the CAMS Study Guide, you will get a list of resources to prepare for the exam. To tell the truth, not all of them are required, and it is not possible to go through all of them if you have only a few months to prepare. So we have handpicked only those resources that are useful for the CAMS exam, and in some PDFs we have highlighted the important content so that you can focus on it, which will save you time. You will also get concise notes on the FATF 40 Recommendations in .docx format so that you don't have to go through all 140 pages of the FATF document. We also have a separate free course on the FATF Recommendations on our website, www.learnwithsiorik.com, which you may want to check out.

There is MORE!!! You will also get hyperlinks to the websites where you can download those resources, if you want your own copy.

Image: FREE resources for CAMS EXAM with purchase of CAMS Preparation Course
Image: Notes on FATF in Word file

ACAMS provides various resources, including webinars, seminars, and networking opportunities. Engage with these to gain insights from industry experts and fellow professionals.

It is also better if you stay up to date with recent trends in money laundering and terrorism financing. We have created a Crime Watch page which provides highlights of money laundering and terrorism financing news from all around the world, abstracted from more than 100 well-known news channels like CNN, BBC, Economic Times and so on.

Who said preparing for the CAMS exam cannot be fun? You can also watch the following movies, documentaries and TV series if you want to see exaggerated cases of money laundering and terrorism financing.

  1. Cocaine Cowboys (documentary)
  2. American Greed (TV series)
  3. Infiltrator
  4. Breaking Bad (TV series)
  5. Ozark (TV series)


5. Time for Preparation

We are not going to lie: CAMS is not easy. You will fail if you are not adequately prepared. We have found that many people did not succeed in their first attempt when they ventured into this exam on the basis of their job experience and mere luck. Therefore, we suggest you give it ample time: at least 3 months ahead of the exam, you may want to go through all the resources we have suggested above. The rest is up to you.

6. Clarity of Concepts:

About 90% of the questions are scenario-based, like "what two things would you do when faced with this situation or that". Therefore, knowledge of the different concepts alone is not sufficient; you should know how to apply it. So you should understand all the material concepts of the study guide. Repetition is the key here.

7. Preparing Notes for Memorization

Everybody has their own style of learning. In any case, the importance of note-taking cannot be disregarded. It is better to prepare notes on each topic in soft copy, such as a Word file, rather than in hard copy, as this gives you portability. The CAMS exam is about both memorization and application of the concepts, so early note-taking will help you in the long run. You can also use the CAMS flashcards, but they are in question-and-answer format and will not substitute for comprehensive notes. Also, we have created CAMS STUDY NOTES that you get FREE with the purchase of our CAMS preparation course. The main feature of these notes is that they not only simplify and contain the important content of the CAMS Study Guide, but also include other reference materials. Further, they are in Word format, which means you can customize them as you wish.

8. Mind Map

To help with memorization, you don't need to rote-learn everything. It is also very easy to lose focus while going through the study guide, as a lot of concepts are presented in a very concise way. It is absolutely necessary that you revisit the concepts again and again until you are clear.

Another good way of understanding and memorizing is the use of a mind map.

A mind map is a visual representation of ideas, concepts, and information organized around a central theme or topic. It is a graphical tool that helps individuals brainstorm, structure, and organize their thoughts in a more holistic and interconnected way. The central idea is typically placed in the center of the map, and branches radiate outward to represent related subtopics or concepts.

Key elements of a mind map include:

Central Theme or Topic: The main concept or idea that the mind map revolves around is placed in the center of the page.

Branches: Radiating out from the central theme are branches that represent main categories or major concepts related to the central idea.

Nodes or Sub-branches: Each branch can have sub-branches that further break down the main categories into more specific details or subtopics.

Keywords and Images: Mind maps often use keywords or short phrases to convey information concisely. Additionally, images or symbols may be used to enhance understanding and memory.

Color Coding: Colors can be used to distinguish between different branches or to highlight important information, making the mind map visually engaging and aiding in recall.


This will really interlink the concepts. We suggest you take a big white chart paper, write each concept in two or three words, then circle it so it becomes a node, and link it with other concepts (branches) as you come across them, using different colors. As an example, please look at the following TED Talk on creating a mind map.

The main benefit is that whenever you look at the map, you will be able to comprehend all the concepts simultaneously, and if you find any idea confusing, you can revisit it later.

9. Exam Format and Exam Technique:

Everything said above boils down to one thing: how to pass or get a higher score in the CAMS exam. You will have 4 hours to solve 120 questions, which is more than enough. You need to answer 75 questions correctly out of 120 to pass CAMS. So it is not 75%, but 75 correctly answered questions, which in percentage comes to about 62.5% only.

9.1 Multiple choice questions

You will get multiple-choice questions, but it is not as if you need to select one out of four. Often there will be 5 or 6 options, where you need to select 2 or 3. CAMS exam questions can be quite lengthy, and you need to read and comprehend them. In some cases, the answer is in the question itself, so you need to understand the question.

9.2 Best way to deal with multiple-choice questions

A. Bad Technique

The CAMS exam is tricky most of the time, as almost all multiple-choice answers look valid. One technique is to go through the question and its multiple-choice answers once, and then re-read the question thoroughly to select the right answer. People usually miss the right answer when they read the question only once.

B. Good Technique (SECRET TIP!!!)

Do you know that you will get a "Marked for Review" option in the exam portal? DO, DO, DO use this if you find a difficult or long question. Let us give you the reason why.

It is general human nature to be nervous while taking an exam. So it is better to first answer the questions that you find easy and attempt the other long and confusing questions later. This will boost your confidence, and you can tackle those difficult questions later on. Therefore, when you use the "Mark for Review" option, you can revisit those questions later.

C. Master any Scenario Based Question (SECRET TIP!!!)

Would you like to know the secret to acing any multiple-choice question? Of course you do. So let us share it with you. For a straightforward one-line question, you just read the question, then the options, and select the suitable answer. This is the most efficient way.

Now for the secret technique. We will give you a chance to practise this yourself.

Look at the following example, try to answer the question, and note how much time it took you.

1. Ramesh is the AML compliance officer for a small bank that has had AML difficulties and that is operating under a deferred prosecution agreement with the federal government. The FBI approaches Rick and requests that the bank maintain an account that the FBI is examining so that the FBI can monitor continuing activity. What two things should Rick do first?

A. Ask that the request be submitted in writing.

B. Ensure that the request is from someone with appropriate authority.

C. Ask the Board of Directors to approve keeping the account open after an internal investigation.

D. Keep the account open in order to not incur any further disfavor with the federal government.


So, how well did you do? Do you have your time recorded? Good. Now follow along.

Now let us revisit the above question. We would like you to focus on the end of the question, that is, what the question is actually asking. Plainly speaking, focus on the WH question (What, When, Where, How, Whom). In the above question, it was "What two things should Rick do first?". So the question is asking what two actions Rick needs to take immediately; this is the actual question, and all the text above it is context. It is asking what two actions Rick needs to take immediately if such a situation happens, that is, if the FBI comes knocking at your office door and asks you about an account they are examining. Caution: here the answers are designed to confuse. If you look at them, all the answers seem correct, but the clue lies in the word "first". In the CAMS exam, the answers will be designed to confuse you. Therefore, aim to understand the context of the question and choose the right answer, and always read the question more than once so as to understand it properly.

We hope you have understood this concept. Now try answering the following question.

2. Diane, the AML compliance officer for a large financial institution, uncovers a serious case of potential money laundering being conducted through a number of related accounts. What are three factors she should consider in deciding whether or not to close the accounts?

A. Whether the account holder is a close associate of any of the members of the Board of Directors.

B. Whether the alleged money laundering activity is occurring in all of the accounts, or just some of the accounts.

C. The legal basis for closing the accounts.

D. The reputational risk to the institution if the accounts are maintained.

We hope you are now proud of yourself. We don't think you need the correct answers to the above questions, but here they are in case you are wondering.

Question 1: A, B

Question 2: B, C, D

10. One Final Secret Tip!!!

There is a Tibetan proverb, "Empty your cup". Let us clarify this quote in the context of your exam: in a scenario-based question, you have to limit yourself to the context and the things you learned from the study guide. Don't assume, add or subtract anything from that context. Let's illustrate this with an example. In Question 1, let's assume that you had faced a similar situation in real life and your board actually instructed you to keep that account open first, before doing anything else; maybe they didn't want to upset the regulatory bodies. But if you select that option, you will be wrong.

So try to understand the context of the question, be present in that moment, and answer the question. If you follow this secret mantra, you will not only pass the CAMS exam, you might be on the path towards enlightenment.


In our Ultimate Certified Anti Money Laundering Specialist(CAMS) Preparation Zero To Hero Course we provide you with 360 mock questions for practice. You can hone your new-found skill over there.

Image: FREE MOCK QUESTIONS with purchase of CAMS Preparation Course
Image: Exam Simulator

11. Practice Questions:

There is no need to stress the importance of mock tests. It is advised that before going through the study guide, you first attempt the mock test on chapter 6 to assess your current level of understanding of the different aspects of anti-money laundering and combating terrorism financing. Then, after completing the study guide, at the review phase, redo the mock test. The experience of many candidates is that the marks you score in the mock test at the review phase are what you will score, if not more, in the actual CAMS exam.

Remember, there are many candidates who purchase CAMS dump questions online, study only those, and attempt the exam. The success guarantee is 50%. But one thing we will guarantee: you won't be a good AML/CFT expert by doing so. Your goal should not be merely passing the CAMS exam but higher. So focus on understanding the concepts and try to interlink them. Questions in CAMS are asked by mixing various concepts from different chapters. It's like driving: if you are a skilled driver, the nature and type of road won't matter; you can drive in any road conditions. Similarly, we provide you with 360 mock questions completely FREE with the purchase of our CAMS Preparation course. All questions are designed to test your understanding at a deeper level.

Embark on your journey to become a skilled AML/CFT professional and pass the CAMS exam with our engaging and informative CAMS exam preparation course, where we have used animation, shared stories and demonstrated practical tools that not only help you understand CAMS concepts but also equip you with the talents needed to make you an AML/CFT expert. Visit our website and discover a wealth of resources; don't miss out on this opportunity!

WE FEEL PROUD OF THOSE INDIVIDUALS WHO HAVE TAKEN OUR COURSE AND ACHIEVED CAMS CERTIFICATION. HATS OFF TO THEM FOR THEIR DEDICATION, HARD EFFORT AND STRONG WILL. WE WISH THEM ALL THE BEST FOR THEIR FUTURE ENDEAVORS!!!


Join Our WhatsApp Community of Risk Management Professionals.

https://chat.whatsapp.com/ByZJyIcHc3U8ib9FOCJLMN

Consultancy and Training Services

If you require expert consultancy services on AML/CFT, feel free to inquire through this Google Form. Our team is ready to assist you with tailored solutions to enhance your organization’s transaction monitoring capabilities.

About Author
Kiran Kumar Shah
LinkedIn: https://www.linkedin.com/in/kirankumarshah/


[stextbox id=’alert’] WE ARE PLEASED TO INFORM YOU THAT WE HAVE COMPLETED AN ARTICLE SERIES AND A YOUTUBE SERIES GIVING AN OVERVIEW OF ALL CHAPTERS OF THE CAMS STUDY GUIDE. THEY CAN BE ACCESSED BY CLICKING THE FOLLOWING LINKS.[/stextbox]

Chapter 1: Risks and Methods of Money Laundering and Terrorist Financing

Chapter 2: International AML/CFT Standards

Chapter 3: Anti-Money Laundering/Counter-Terrorist Financing Compliance Programs

Chapter 4: Conducting and Responding to Investigations


Other articles on this site that you may find useful:

SIMPLIFYING OVERALL AML/CFT PROCESS IN YOUR ORGANIZATION !!!

UNDERSTANDING GoAML!!!


Simple Reasons and Solutions for Complex Fraud Schemes in Nepalese Corporate Sector.

Scenario 1: A branch manager was transferred to a remote area for 6 months. However, management did not transfer him back even after 6 months, despite several requests from him. The branch manager slowly became frustrated and started to commit a series of frauds: he took kickbacks from customers while granting loans, used branch money for personal purposes, and embezzled petty cash. Finally, he was caught via a whistleblower.

Scenario 2: A teller in a bank was in the habit of gambling. He wanted money desperately, so he took some money from the vault when nobody was looking. Nobody knew how the money disappeared. Later, the investigation team was able to obtain a confession from the teller based on circumstantial evidence.

Scenario 3: A high official in a bank was living beyond his means; he had recently bought a very lavish house and a luxurious car. He was able to arrange the money by duping one of his customers: he used the power of his position to authorize a substantial loan to the client, which was later used by him. Later, the loan became non-performing, as the client was not able to pay the dues. The client also blew the whistle against the official, leading to an investigation by the bank and eventually the dismissal of the official.

Scenario 4: A branch manager was living a lifestyle beyond his income. He used to disburse loans to clients before the loans were actually granted. In some cases, he also committed appraisal fraud, that is, providing a loan based on a highly inflated collateral value. During a surprise cash visit, the audit team found a cash shortage. The BM was terminated later on.

Scenario 5: A teller was a drug addict. One day, a customer came to him with a substantial amount of money to deposit in his account. The teller knew that the customer did not operate his account frequently. He provided a receipt for the deposit but deposited the amount in his wife's account instead of the customer's. After 2 or 3 months, the customer came to claim the shortfall in his account. Luckily, he still had the deposit slip receipt. The teller claimed the receipt was fabricated, but in vain. Finally, the money was recovered and the teller was terminated.

What do these scenarios have in common?

Donald R. Cressey (1919-1987), in his research "Other People's Money: A Study in the Social Psychology of Embezzlement" (1953), introduced the concept of the fraud triangle, illustrated by the following figure, with a discussion of its necessary components.

fraud triangle

According to Cressey, there are 3 legs of this fraud triangle. Perceived non-shareable financial need means that the person usually has a need that can be solved financially, through the theft of assets or money, and that he wants to keep secret, e.g., a drug habit or revenge. All these needs relate to maintaining current status or gaining higher status. This becomes the motive for employees to commit fraud.

Opportunity to carry out fraud comes from two things. One is information, which can come from different media and which tells an employee that fraud can be committed by abusing his position; this can be as simple as watching a TV serial. The other is technical skill, the abilities an employee needs to carry out the job. For example, in scenario 5, the teller knew how to make entries in the system to divert funds from the client's account to his wife's account.

Rationalization is how the fraudster justifies his criminal action. According to Cressey, rationalization begins before the fraudster commits the act, because no one wants to view himself/herself as a bad person; rationalization is essential to justify the illegal behavior. After the criminal act is done, criminals usually abandon the rationalization, that is, it becomes easier for them to repeat the act.

According to Cressey, all three components must be present and interacting for an employee to commit fraud. In the above 5 scenarios, we can see the presence of these components. In every scenario there is a non-shareable financial need: some had to maintain a status that was not supported by their actual income, so they needed to embezzle funds; some had a drug or gambling addiction; one was frustrated with his job.

All the perpetrators had the opportunity, as they were in a position to misuse their authority. BMs have full authority over a branch; staff are usually junior in position and often lack knowledge of business practices and procedures, so they are more vulnerable to being influenced through the BM's position. Tellers knew all the system functionalities; they could easily commit fraud and hide the fraudulent transaction in the heap of many legitimate transactions.

Although nothing is clearly mentioned about rationalization, some kind of self-bargaining thought must have crossed their minds, like "I deserve this", "the organization has benefitted from me a lot, why shouldn't I?" or "the organization will get hurt, it's not as if individual employees are losing money."

Mitigating the Risk:

1. Perceived non-shareable financial need:

This risk can be addressed by implementing the following measures:

  • Having an open-door policy where employees can share their grievances without fear of being reprimanded or embarrassed. There should be appropriately skilled personnel who can provide adequate counseling to the staff.
  • There should be clear hotlines for reporting any suspicious activities, such as sudden changes in the lifestyle of an employee, which shall be kept strictly confidential.

2. Opportunity:

This can be addressed by having an appropriate risk assessment mechanism in the organization, on the basis of which appropriate controls can be designed and implemented. For example, for a teller depositing or making a payment above a certain threshold amount, approval from his/her superior should be obtained.
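As an added illustration of the threshold-approval control described above (this is example code written for this article, not a real banking system), the block below enforces a maker-checker rule: any transaction above a threshold must be approved by the teller's own supervisor, never by the teller himself or by a peer. It also adds a detective control that the scenario 5 case calls for, reconciling the account printed on the customer's receipt against the account the entry was actually posted to. The threshold, staff roles, account numbers and transactions are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed threshold (assumption): above this amount a supervisor must approve.
APPROVAL_THRESHOLD = 100_000


@dataclass
class Staff:
    staff_id: str
    role: str                        # "teller" or "supervisor"
    reports_to: Optional[str] = None  # staff_id of the direct supervisor


@dataclass
class Transaction:
    tx_id: str
    kind: str                        # "deposit" or "payment"
    amount: int
    receipt_account: str             # account printed on the customer's receipt
    posted_account: str              # account the entry was actually posted to
    maker: str                       # staff_id of the teller who keyed it
    approver: Optional[str] = None   # staff_id of the approver, if any


@dataclass
class Decision:
    tx_id: str
    accepted: bool
    reasons: List[str] = field(default_factory=list)


def check_transaction(tx: Transaction, staff_dir: Dict[str, Staff]) -> Decision:
    """Preventive control: maker-checker above the threshold, with segregation
    of duties (no self-approval; the approver must be the maker's own supervisor)."""
    reasons: List[str] = []
    maker = staff_dir[tx.maker]
    if tx.amount > APPROVAL_THRESHOLD:
        if tx.approver is None:
            reasons.append("above threshold: supervisor approval required")
        elif tx.approver == tx.maker:
            reasons.append("self-approval is not allowed")
        else:
            approver = staff_dir.get(tx.approver)
            if (approver is None or approver.role != "supervisor"
                    or maker.reports_to != approver.staff_id):
                reasons.append("approver is not the maker's supervisor")
    return Decision(tx.tx_id, accepted=not reasons, reasons=reasons)


def reconcile_receipts(transactions: List[Transaction]) -> List[str]:
    """Detective control: the receipt handed to the customer must match the
    ledger posting. A mismatch is the pattern of scenario 5 above."""
    return [tx.tx_id for tx in transactions
            if tx.receipt_account != tx.posted_account]


# Constructed staff directory and sample transactions (not real data).
STAFF = {
    "T-01": Staff("T-01", "teller", reports_to="S-01"),
    "T-02": Staff("T-02", "teller", reports_to="S-01"),
    "S-01": Staff("S-01", "supervisor"),
}

TRANSACTIONS = [
    Transaction("TX1", "deposit", 50_000, "ACC-1001", "ACC-1001", "T-01"),
    Transaction("TX2", "payment", 250_000, "ACC-1002", "ACC-1002", "T-01"),
    Transaction("TX3", "payment", 250_000, "ACC-1002", "ACC-1002", "T-01", approver="T-01"),
    Transaction("TX4", "payment", 250_000, "ACC-1002", "ACC-1002", "T-01", approver="S-01"),
    Transaction("TX5", "payment", 250_000, "ACC-1002", "ACC-1002", "T-01", approver="T-02"),
    # Below the threshold, so the preventive check passes, but the posting
    # went to a different account than the one on the customer's receipt.
    Transaction("TX6", "deposit", 80_000, "ACC-1003", "ACC-7777", "T-02"),
]


def run_controls(transactions=TRANSACTIONS, staff_dir=STAFF):
    """Run both controls and return (decisions by tx_id, mismatched tx_ids)."""
    decisions = {tx.tx_id: check_transaction(tx, staff_dir) for tx in transactions}
    mismatches = reconcile_receipts(transactions)
    return decisions, mismatches


if __name__ == "__main__":
    decisions, mismatches = run_controls()
    for d in decisions.values():
        print(d.tx_id, "ACCEPTED" if d.accepted else "REJECTED", "; ".join(d.reasons))
    print("receipt/ledger mismatches:", mismatches)
```

The point of TX6 is that a threshold rule alone is not enough: a below-threshold diversion sails through the preventive check and is only caught by the reconciliation, which is why risk assessment should drive both preventive and detective controls.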

3. Rationalization:

Although it varies from one individual to another, rationalization can be linked to perceived non-shareable financial need. If the organization invests in morale-building for employees, such as providing necessary training, giving timely promotions in recognition of their contribution, and providing an objective compensation package, this will increase loyalty, as employees believe that since the organization is fair to them, they should be fair to it.

Hence, Cressey's fraud triangle explains the nature of different frauds, but not all frauds. Although half a century old, this theory has provided essential guidance for fraud investigation to many fraud examiners.

Thank you for reading. If you have found this article useful please share and comment below.

Simplified version of understanding TAILS operating system !!!

In this tutorial, you will learn the process for installing the TAILS operating system and techniques for accessing the deep web.

To understand more about the deep web, please follow this link:

DARK NET : How much you know about THE INTERNET??

Simple way for getting ready for CISA Exam !!!

This tutorial explains different techniques that will help you pass the CISA exam easily.

Follow this link to get more insight:

Ready For CISA Exam? (Pass in First Attempt)

Simplified Way of Hacking Windows XP and Safeguarding It !!!

In this free tutorial you will learn different ways of hacking Windows XP using attacks like SMB exploits, memory corruption, MITM attacks and trojans to exploit the system.

Please follow this link to read the full article:

Are you safe using Windows XP?

Simplified Overview of CISA Review Manual and Guidance on Passing CISA Exam.


Warm greetings to all of you future Information System Auditors. If you are intending to or have decided to opt for CISA, then congratulations: you are on a very exciting and challenging journey. The recent information security incidents have also led to an increased demand for information security professionals, CISA holders being one of them. Further, CISA is a well-renowned course for information security audit, highly sought after worldwide. Also, if you look at current vacancies for Information Security Manager or Information Security Officer, "Preferred Qualification - CISA" always pops up.

But it is necessary to make one thing clear: the CISA qualification will not, by any chance, make you an expert in the information security field. If you are already from an audit background, it will help you apply audit concepts in the information security field. But that does not mean you will be able to clear the CISA exam with only audit knowledge. CISA requires you to have general, though not detailed, knowledge of information security concepts. However, the broad concepts of audit like planning, risk assessment and report writing still prevail.

HELP US TO MAKE YOUR CISA JOURNEY FUN AND AFFORDABLE !!!

OR

ARE YOU WILLING TO JOIN FREE SESSION ON CISA PREPARATION? LET US KNOW.

Let’s Get Technical:

You can check the CISA exam fees on its official site here; it is exactly USD 760 as of September 2019 and may be subject to change. However, we believe you are really interested in what the CISA exam is all about and how one can clear it. So let's cut into the meat and look at what CISA is all about. You need to score 450 out of 800 to pass this exam, which roughly comes to about 56%; that is not difficult to score if you follow our footsteps in preparing for the CISA exam. But before we share our tips and tricks, let us talk about what the CISA exam is really about and what is expected of any candidate.[pullquote]If you read the CISA Review Manual for the first time, some of you may get confused. So the following brief introduction will give you a rough idea of what the CISA exam is all about, so that you can plan your approach to studying.[/pullquote]

The CISA exam is divided into 5 domains that carry different weights of marks. We list the weight, as a percentage, beside the title of each domain:

Domain 1: The Process of Auditing Information Systems (21%)

If you are involved in the audit area, you will find this domain very easy; whichever sector you audit (IT, financial, regulatory), the basic concepts of audit are always the same. You need to plan the audit, perform a risk assessment, do substantive and analytical testing, and write reports. There are other things like the code of ethics, audit risk and internal controls.

Domain 2: Governance and Management of IT (16%)

In the simplest terms, this chapter tells you how IT should fit into the overall organizational structure. There should be a Board overseeing the IT function and a steering committee to make decisions about IT issues. There should be a proper IT department structure with clear job responsibilities for the Information Security Officer, Chief Technology Officer and other IT support staff, without any overlapping duties and authorities. There should be proper IT plans and policies that support the overall business objectives of the organization.

Domain 3: Information Systems Acquisition, Development and Implementation (18%)

This section talks about how any IT hardware and software procurement and development should be treated as a project, with a detailed explanation of different project management concepts like planning, budget and time schedule. You also learn about the System Development Life Cycle and the different types of software testing methods. Finally, it talks about the concepts of electronic commerce, like electronic finance, banking and point-of-sale systems.

Domain 4: Information Systems Operation, Maintenance and Service Management (20%)

This chapter provides information about the different components of information systems, like what network infrastructure is and what network devices such as firewalls, routers and switches do. It also gives information about other components widely used in IT infrastructure. You can say that this chapter is like a glossary or brochure of the different hardware and software components that anyone who claims to be IT literate should know about.

Domain 5: Protection of Information Assets (25%)

This is a far more interesting and important domain than any other. You will learn about the different types of information security threats, physical or logical, that may affect information systems, from physical threats like flood, fire and vandalism to hacking, phishing and so on. It also teaches you the mechanisms to protect against those risks.

So, how about testing your preparedness for the CISA exam? Download our Mobile App here; it will test you with 51 exam-like questions and provide an explanation for each wrong answer. It also comes with a lot of other useful features to help you on the journey of acing the CISA exam.

Time to Prepare:

I think two categories of people like to take the CISA certification: those who are already in an audit or risk management career, and those who are involved in IT or IT security. I have written this article so that it will be helpful for both.

[stextbox id=’alert’]HAVE YOU ALREADY REGISTERED FOR THE CISA EXAM OR THINKING ABOUT IT. IN ANY CASE, TO HELP YOU IN THIS JOURNEY, WE HAVE JUST A MOBILE APP FOR YOU, WITH TON OF FEATURES AND “ABSOLUTELY FREE”.ALSO, CHECKOUT OUR YOUTUBE VIDEO PRESENTATION FOR THIS APP WHICH ALSO INCLUDES GREAT TIPS ON PASSING THESE EXAMS. [/stextbox]

For IT professionals

CISA is mainly related to audit rather than IT; I would say it is about 40% pure Information Technology. So, having good knowledge of audit concepts and methodology will help you all the way. There are unlimited sources you can look into. The other important thing to understand is that how much of CISA you grasp depends on your IT background. There are two key ideas that are widely accepted in all organizations: Business and Risk. If your IT background is in developing programs and applications to run the business of the organization, you really need to work on understanding the different risk concepts. It requires a shift in your perspective: you need to analyze things from a risk point of view. For example, if you are looking at a program someone else wrote, from the risk perspective you need to evaluate whether there is a backdoor in the program, among other things. If your background is in IT security, it will be much easier for you to grasp the concepts covered in CISA.

 

For non-IT people with a zeal for information security

As I said earlier, CISA requires you to have quite some knowledge of information security but does not require you to be an expert. For example, you may never have seen a firewall, but if you have an idea of how a firewall works, that will be sufficient. Another good example: you may never have written a program in your life; that is ok, you only need to understand whether the program was created as per management approval and whether any changes to it were properly authorized.

I took the CISA exam in December 2014 and my score was in the top 20% of scorers globally. Since I did not have any IT background then, this score meant a lot to me. I would like to share my techniques for studying.

  1. Read the CISA Review Manual (CRM) multiple times. You want to understand the concepts as clearly as possible. Also, give yourself ample time before attempting this exam. I suggest 2 to 3 months of preparation time will be sufficient to clear this certification.

  2. If possible, take some certification courses like Linux or CompTIA A+ if you have never taken any computer courses. Put your focus on the security areas, like how permissions are granted and how privileges differ between users.

  3. If you do not have time to take courses, you may want to watch online tutorial videos on information security, like the CBT Nuggets training videos. You can watch them at a convenient time.

  4. You need to practice with the CISA question database. You may be tempted to put more emphasis on the question database than on the CRM. However, I think that if you understand the concepts clearly you can attempt any question, since these questions are there to examine your understanding. Right? Always read the question twice before answering, and if your answer is still wrong, try to understand why it was wrong.

  5. Before taking your exam, it is generally a good idea to attempt a mock test. It is a simulation of your exam and gives you an idea about time management.

  6. I think it is best to take one day off before your exam. Put your mind at ease by doing things that you love. This will give your mind time to process all the information. You will see what I mean.

[stextbox id=’info’] WE HAVE STARTED ARTICLE SERIES AND YOUTUBE SERIES REGARDING INFORMATION SECURITY MANAGEMENT AND ETHICAL HACKING, BOTH OF THEM ARE VERY IMPORTANT IF YOU WANT TO BE A GOOD INFORMATION SECURITY EXPERT. PLEASE FOLLOW THE LINK BELOW.[/stextbox]

Are You Ready to be An Information Security Expert?

Thank you for your time.

Below is the video demonstration of everything said above.

 

Simplified way of Understanding Risk of Windows XP system

When XP was introduced, it completely overhauled Windows 98 with new graphics and functionality. Windows XP is now 16 years old but has not lost its popularity; we can still see Windows XP in different kinds of organizations, especially government organizations in Nepal. I have observed government employees playing Solitaire while we waited in line for hours. According to statcounter.com, Windows XP is still running on 3% of all desktops.

Key Vulnerabilities

There has been no support for XP from Microsoft since April 8, 2014, so Windows XP computers are more vulnerable to information security threats. Hence came the ransomware attack that was in the headlines in May 2017. This is not the end of it; we will most likely hear of more attacks on XP machines in the near future. Further, this makes Windows XP machines a target for "zero-day" exploits: when Microsoft releases a security patch for its supported operating systems, attackers figure out which vulnerability the patch fixes and then launch their exploit against Windows XP machines, which never receive the fix.

Many vulnerabilities have been found in Windows XP, like buffer overflows in Internet Explorer, and it is an easy target for different kinds of malware. The major security weakness in XP was that the administrator account had unlimited privileges.

I have made the following video to show how Windows machines can be exploited using these vulnerabilities. In this video, I use different techniques to attack Windows XP machines to show you how vulnerable these machines are. Two techniques relate to buffer overflow attacks: memory flaws in Internet Explorer 6 and the well-known flaw in the SMB protocol. The third one is a Man-in-the-Middle attack. The final one relates to deploying a Trojan or backdoor.

DISCLAIMER: THIS VIDEO IS MADE FOR EDUCATIONAL PURPOSES ONLY. PLEASE RESPECT OTHER PEOPLE’S PROPERTY AND PRIVACY AS YOU DO YOURS. THANK YOU.

Why is the use of XP so prevalent?

As discussed earlier, Windows XP machines are still widely used in various types of organizations. What is the reason for this? The main reason is that, usually in a government organization, once they purchase a desktop they will not replace it until it turns to scrap. During the Windows 98 era, most organizations were in manual mode; most of these institutions did not use computers for day-to-day work. When they gradually started to upgrade, they got stuck on XP and then decided not to upgrade at all. Upgrading requires a lot of effort and time.

Microsoft launched Windows Vista after the success of Windows XP; however, it failed miserably. As per Wikipedia, Vista was expensive, users' existing hardware was not able to support the product, and there were legal issues, to name a few. Due to the mass failure of Windows Vista, users uninstalled that operating system and switched back to Windows XP.

Mitigation

The only way to protect yourself is to upgrade Windows XP to the latest Windows version. There is no other option. However, if you still need to use Windows XP, then the following measures may be adopted.

  1. Segregate the network in which the XP machine is installed. This network should be protected by a strong firewall that controls the traffic going into and out of the network.
  2. The main problem with XP was that its administrator had unlimited privileges. Therefore, such accounts should be strictly controlled and monitored.
  3. Finally, to emphasize again, this kind of system should be upgraded as soon as possible, because in the coming future new vulnerabilities are likely to be discovered and exploits will be made to compromise them.

Thank you for reading. If you have found it useful, please do share.

Simplified Concept of Dark Net, Deep Web, and Bitcoin

It is estimated that only 4% of online content is on the surface web, while 96% is found on the Deep Web. So what are the deep web, the darknet and onion routing? Let's explore them.

Onion Routing was developed in the 1970s and created an overlay network built on top of another network, i.e., the Internet. This network eventually became available under an open-source license for everyone to use, and that became TOR. There are other networks like TOR; together all of them make up the Deep Web. The contents of this web cannot be accessed by normal search engines like Google or Bing. One example of such a network is the private network of an organization, which cannot be reached through any commercial search engine.

The Dark Net is a shady area inside the Deep Web that is used by criminals to carry on their criminal activities, like drug trafficking, the illegal sale of weapons and child pornography. All these goods are purchased and sold via Bitcoin.

The Deep Web and the Dark Web combined are called the Dark Net.

Concept of TOR

The main reason for the birth of Tor was to provide anonymity to users while surfing the deep web. It does this by hiding users' IP addresses, routing their traffic through several other computers running the same software. Since normal browsers like Chrome and Firefox are not able to access the Dark Net, one needs the TOR Browser to access TOR hidden services, which are URLs that are merely strings of meaningless numbers and letters ending in .onion, like this one: http://owmx2uvjkmdgsap2.onion/. TOR can also be used to access ordinary sites indexed by Google and other search engines.

The popularity of Dark Net

The main purpose of the creation of the Dark Net is to provide anonymity to users, which has been a major concern in protecting one's privacy. This issue escalated further when, in 2013, Edward Joseph Snowden disclosed illegal surveillance programs carried out by the NSA in the USA. In today's world, when you use the Internet you leave digital fingerprints. As a result, details like the time, location and goods purchased with your credit or debit card, when combined with data from your mobile phone, create metadata about you, and it tells a story about you based on facts that are not entirely true. This metadata is maintained by different countries' governments, big corporations and so on to analyze your behavior and preferences. There are examples where people were detained or hassled by authorities because they made certain comments against their government or searched for something on the Internet. So the Dark Net became an alternative Internet that provides anonymity to people, securely, away from the prying eyes of the government. Privacy is a privilege that should not be taken for granted. When your privacy is limited, you suddenly become aware of what you type into search engines. This puts a limit on freedom of expression, which is an intellectual blockade. This is the reason why the Dark Net has become an asylum for whistleblowers and journalists, who can express their opinions without any fear of being reprimanded.

Secondly, the Dark Net is advertisement-free. As discussed earlier, every activity of users is recorded in vast databases owned by big corporations. On the basis of that data they analyze people's likings and whatnot, and then they start to bombard them with different kinds of advertisements. Don't believe me? Try searching YouTube for how to create your own website 2-3 times; next time, even if you watch a funny cat video, they will be showing you web hosting or tech-related ads.

Finally, you cannot be stalked by hackers. Your anonymity is preserved and you can be sure that no one is looking at your financial records, medical records or Internet browsing history.

What is Bitcoin?

Bitcoin's inception has its roots in the 2008 global financial crisis, where banks that were too big to fail, like Lehman Brothers, collapsed, leading to a chain effect and ultimately causing a worldwide economic meltdown. In that crisis, many people were protesting against their central governments, which had not taken any precautionary measures to prevent the crisis, leading to worldwide disbelief in their way of managing currency.

In this turbulent situation, an anonymous person or group of persons known as Satoshi Nakamoto published a research paper on a public cryptography forum, saying they had developed an electronic cash system that would work over the Internet based on peer-to-peer transactions. The theory was explained in a white paper with a proof of concept. Later on, other brilliant minds decided to join, and that led to the creation of the first global decentralized money or virtual currency, known as Bitcoin.

Now it is time to understand the concept of money. The fiat or physical currency that you carry is nothing more than a promissory note or legal tender that is recognized by everybody. Why? Because the government of the country to which that currency belongs has promised or guaranteed that it will pay the value mentioned on that currency. In this way, we are trusting our government to make good on its promises by keeping the value of the currency afloat. So what happens when a government betrays our trust? The money becomes worthless, we lose our hard-earned savings, and, let's say, what follows is not a good picture.

In peer-to-peer transactions, the value of Bitcoin is determined by people based on demand and supply: when there is more demand for Bitcoin its price will increase, and when there is less, it will decrease.

As of today, 13th June 2020 at 4 hours 3 minutes 23 seconds, the current price index of Bitcoin can be seen in this figure.

I would like to point out another major thing: Bitcoin is a very volatile currency. History is witness that the value of Bitcoin has increased sharply and in a similar way plunged, causing a lot of investors to lose substantial money. So, if you are thinking of investing in Bitcoin, make sure you do your homework. Don't invest because your father's friend's son is getting rich by doing it.

Bitcoin transactions work as an open accounting system: there is a network of many computers whose main job is to record the ownership of transactions in a public ledger called a blockchain. The process of recording transactions is called mining. Every miner is rewarded with a Bitcoin for successfully completing the recording of a transaction. We will not go into the details of blockchain or mining because they are huge topics on their own; they may be the subject of my next video lectures.
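As an added illustration of the ledger-and-mining idea just described (example code written for this page, not from any Bitcoin implementation), the following Python builds a toy blockchain: each block carries its transactions, the hash of the previous block and a nonce found by proof-of-work, and a `verify_chain` check shows why rewriting one old transaction breaks every hash that follows it. The block structure, the difficulty of two leading hex zeros, the reward amount, the miner name and the sample transactions are all constructed for this demo and are not Bitcoin's real parameters.

```python
import hashlib
import json
from dataclasses import dataclass

# Constructed demo parameters, not Bitcoin's real ones: two leading hex zeros keeps
# mining fast enough for a quick run; the reward amount is arbitrary.
DIFFICULTY = 2
MINING_REWARD = 1


@dataclass
class Block:
    index: int
    prev_hash: str
    transactions: list  # list of {"from": ..., "to": ..., "amount": ...} dicts
    nonce: int
    hash: str


def compute_hash(index, prev_hash, transactions, nonce):
    """SHA-256 over a canonical JSON encoding of the block header and its transactions."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "transactions": transactions, "nonce": nonce},
        sort_keys=True,
        separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def mine_block(index, prev_hash, transactions, miner, difficulty=DIFFICULTY):
    """Proof-of-work: increment the nonce until the block hash has `difficulty` leading zeros.

    The miner's reward is the first transaction of the block (a 'coinbase' transaction
    in Bitcoin terms), so the reward is itself part of what gets hashed."""
    txs = [{"from": "network", "to": miner, "amount": MINING_REWARD}] + list(transactions)
    target = "0" * difficulty
    nonce = 0
    while True:
        digest = compute_hash(index, prev_hash, txs, nonce)
        if digest.startswith(target):
            return Block(index, prev_hash, txs, nonce, digest)
        nonce += 1


def build_chain(tx_batches, miner, difficulty=DIFFICULTY):
    """Mine a genesis block, then one block per batch of transactions, each linked to the previous."""
    chain = [mine_block(0, "0" * 64, [], miner, difficulty)]
    for batch in tx_batches:
        prev = chain[-1]
        chain.append(mine_block(prev.index + 1, prev.hash, batch, miner, difficulty))
    return chain


def verify_chain(chain, difficulty=DIFFICULTY):
    """Re-derive every hash and check the links; any edited transaction breaks the check."""
    target = "0" * difficulty
    for i, block in enumerate(chain):
        if block.hash != compute_hash(block.index, block.prev_hash, block.transactions, block.nonce):
            return False  # stored hash no longer matches the block contents
        if not block.hash.startswith(target):
            return False  # proof-of-work not satisfied
        if i > 0 and block.prev_hash != chain[i - 1].hash:
            return False  # link to the previous block is broken
    return True


def tamper_demo():
    """Build a small chain, then rewrite an old transaction and show that verification fails."""
    # Constructed sample transactions.
    batches = [
        [{"from": "alice", "to": "bob", "amount": 5}],
        [{"from": "bob", "to": "carol", "amount": 2}],
    ]
    chain = build_chain(batches, miner="miner-1")
    ok_before = verify_chain(chain)
    chain[1].transactions[-1]["amount"] = 500  # someone inflates an old payment after the fact
    ok_after = verify_chain(chain)
    return ok_before, ok_after


if __name__ == "__main__":
    before, after = tamper_demo()
    print("valid before tampering:", before, "| valid after tampering:", after)
```

The point to take from running it: the stored hash of block 1 no longer matches its contents once a transaction is edited, and because block 2 committed to block 1's hash, the edit cannot be hidden without re-mining every later block, which is exactly the work that a real network of miners makes impractical.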

In some countries it is illegal to trade in Bitcoin. In Nepal it is illegal, as you can see from this notice from Nepal Rastra Bank, the central bank of Nepal. It says clearly that Bitcoin is not recognized as an official currency of Nepal, so it is illegal for anybody to carry out any transactions in Bitcoin. If you are in another country, first check your country's regulatory requirements before you decide to transact in Bitcoin.

In the tutorial below, we show how a Bitcoin wallet can be created using Electrum.

Important Concepts of Money Laundering that you ought to know:

For newbies: money laundering is not converting illegal money into legal money; it is the process of hiding the source of income. The following example will clarify this concept.

Let's say somebody, we will call him Mr. Criminal, has stolen a whole bunch of credit cards. He cannot use those cards directly because the transactions can be traced and he will be caught. So his next genius plan is to buy a lot of gift cards with those credit cards. Then he converts the value of those gift cards into Bitcoin. What he has done is called money laundering. He obtained those cards illegally by stealing and converted the money into gift cards; the source of the gift cards' value is still the money stolen from the credit cards, right? Finally, once he has converted the gift cards into Bitcoin, he has successfully hidden the source of income, because the whole premise of Bitcoin is based on privacy and anonymity.

Having said that, we don't want you to take this point home, that Bitcoin is bad. The purpose that led to the creation of Bitcoin was very good. It is the best gift for humankind. With privacy comes anonymity. Both concepts look similar in a sense but may carry different meanings according to the situation. You want privacy; that is your right. But when somebody wants to be anonymous, the main objective is that he does not want others to find out what he is doing, and in most cases that may not be for the right purpose. Take the example of the Silk Road, where anybody could buy any kind of illegal drug via Bitcoin. Yes, there are bad actors who use Bitcoin, but aren't there bad actors in other sectors too?

Accessing Dark Net

I have found two ways to access the Dark Net. One way is to install the TOR Browser on your computer and configure it. You also need a good VPN. You can find instructions to install the TOR Browser on Windows, Linux and Mac at the following link:
https://www.torproject.org/projects/torbrowser.html.en

The other method is using TAILS. It is safe and easy to use. The following video shows how to use TAILS to access the darknet.

However, users need to use some common sense while surfing the deep web, like never revealing their Personally Identifiable Information (PII). There are lots of scam websites on the darknet, so caution is advised. The Dark Net is also swamped with illegal websites, so if you visit them there is still a chance that you will be tracked later.

Have happy and safe surfing.

SHARE if you found it useful….

Social Engineering Simplified

Social engineering is the term given to the art or technique of manipulating people into willingly performing actions that benefit the person doing the manipulation. It may be divulging sensitive information or obtaining any kind of financial benefit.

[pullquote]Social engineering is not a bad term, as deemed by many people. It has served both good and bad purposes. One example is the use of undercover agents to bring down a whole organized crime group. Here, the undercover agent gains the trust of the criminals and then starts to collect evidence against them to build a case that can later be used to incarcerate them.[/pullquote]

It is a well-known fact that although an organization may have airtight security controls, it can still be penetrated by compromising its employees. This article will primarily focus on the human factors that are susceptible to social engineering attacks.

Why is Social Engineering so Effective?

Social engineering is a dangerous weapon in the hands of criminals because there is no hardware or software control that prevents these kinds of attacks. We human beings are unique creatures with many emotions, like fear, greed, lust, anger, jealousy, kindness and empathy, and a lot of the time we make decisions based on these emotions when quick judgment is required. This is why social engineering is so effective: by heightening any of the emotions mentioned above, a perpetrator can elicit the desired response from the target.

Medium of Social Engineering

The main purpose of social engineering is to trick a person into doing certain activities. The most successful methods of social engineering are:

  1. Phishing Attack: Here attackers create a fake site almost identical to a genuine site and trick users into entering their credentials on it. Please feel free to watch my Phishing Attack video tutorial given below to learn the complete process by which attackers clone bank sites to harvest unsuspecting users' Internet banking credentials. These video tutorials also demonstrate various ways to protect yourself against such attacks.
  2. Embedding a Backdoor: This is a widely used method where an attacker inserts malicious code into a legitimate app and tricks users into downloading it onto their mobile.
  3. Vishing: Phishing using voice communication. Attackers pretend they are from legitimate companies and ask for the user's sensitive information.

These are only a few ways, but there are many more techniques available, and with the passage of time these techniques are becoming deadlier and more effective.
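The lookalike-site trick in item 1 is something a defender can detect as well as explain. The following Python is an added example (not from the video or this site) that classifies URLs, such as those pulled from an e-mail gateway or proxy log, against a list of trusted domains: it flags typo-squats and homoglyph variants by edit distance, the trusted name used as a subdomain of some other site, and Punycode (`xn--`) labels. The trusted domain `examplebank.com`, the homoglyph table, the sample URLs and the naive "last two labels" rule for the registered domain are all assumptions constructed for the demo.

```python
from urllib.parse import urlparse

# Constructed sample: replace with the domains your organisation actually owns.
TRUSTED_DOMAINS = {"examplebank.com"}

# Characters commonly swapped for visually similar ones (assumed list, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}

# Edit distance at or below which a registered domain is treated as a lookalike.
MAX_DISTANCE = 2


def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute), iterative dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(host):
    """Fold common homoglyphs so 'examp1ebank' compares equal to 'examplebank'."""
    host = host.lower().rstrip(".")
    for look, real in HOMOGLYPHS.items():
        host = host.replace(look, real)
    return host


def registered_domain(host):
    """Assumed simplification: the last two labels (does not handle suffixes like co.uk)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url):
    """Return one of: invalid, trusted, punycode, lookalike-subdomain, lookalike, unknown."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").rstrip(".")
    if not host:
        return "invalid"
    reg = registered_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted"  # the real domain or one of its own subdomains
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"  # IDN label: may render as a lookalike in the browser
    for trusted in TRUSTED_DOMAINS:
        if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
            return "lookalike-subdomain"  # trusted name used as a subdomain of another site
    folded = normalize(reg)
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(folded, trusted) <= MAX_DISTANCE:
            return "lookalike"  # typo-squat or homoglyph variant of a trusted domain
    return "unknown"


def scan(urls):
    """Classify a batch of URLs (e.g. pulled from a mail gateway or proxy log)."""
    return {u: classify_url(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample URLs, as they might appear in a phishing e-mail.
    sample = [
        "https://examplebank.com/login",
        "https://online.examplebank.com/",
        "http://examp1ebank.com/login",
        "http://examplebank.com.secure-verify.net/",
        "http://xn--exmplebank-abc.com/",
        "https://examplebank.co/",
        "https://example.org/",
    ]
    for url, verdict in scan(sample).items():
        print(f"{verdict:20} {url}")
```

A verdict of "unknown" is not a clean bill of health; it only means the host is not close to a domain on your own list. In practice the list would hold every brand and login domain the organisation uses, and "lookalike" hits are worth a user-awareness note as much as a block rule.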

Methods of Human-Based Social Engineering

Following are some of the social engineering techniques applied by attackers, and also by legitimate companies, salespeople and anybody who wants something from you. Therefore, understanding them is crucial.

1. Elicitation:
Elicitation is a method in which a person discloses confidential information willingly. There is a story about a German general during World War II who used to take prisoners for a long walk and chat with them along the way. He was so friendly that by the time they returned from the walk, the prisoner would have given up all the information.

2. Priming:
We humans make split-second decisions as if we were on autopilot, because impulse decisions are guided by our preconceived notions and ideas. Have you ever wondered how many times your judgment based on people's appearance was wrong?

3. Pretext:

Under a pretext, the social engineer creates a scenario in such a way that the victim has no way out but to select the alternative offered by the perpetrator.

4. Persuasion

In his book Influence: The Psychology of Persuasion, Robert Cialdini describes six levers that people use to influence individuals and get what they want. They are:
• Reciprocity: give a favor to obtain a favor.
• Commitment: once you have committed orally or in writing, backing down means tarnishing your self-image.
• Social proof: we do what we see other people doing.
• Authority: people are obedient to figures of authority.
• Liking: people do more for those they like; that is why most individuals do things for their wife rather than for their mother.
• Scarcity: the scarcer things are, the more you want them.

5. Pre-loading:

You really want to go to the newly advertised barbecue restaurant, but your wife wants to go to another restaurant. So you begin to talk about the last barbecue at home, how delicious it was, the sizzling sound and the aroma. Then you pretend to go back to the newspaper, and after turning a few pages you look amazed and say to your wife, "Honey, can you imagine, the city has a new barbecue place and it's inexpensive. Do you want to go?" I bet you the response will definitely be in your favor, unless she is a vegetarian.

In pre-loading, the social engineer loads the victim with information beforehand so that the person acts according to the social engineer's wishes.

6. Manipulation:
Of course, this is the most sinister method an attacker can use. Usually it is performed in the following ways:
• Increasing suggestibility: providing subtle cues to make the target accept your guidance.
• Environmental control: primarily controlling the information the target receives.
• Creating doubt: affecting the target's belief system in order to decrease their capacity to make reasonable choices.
• Sense of powerlessness: making the target lose confidence and then manipulating him/her according to the will of the attacker.
• Manipulating feelings: targeting someone by evoking emotional reactions such as doubt, guilt, rage or humiliation.
• Intimidation: targeting someone through fear of physical pain or other unpleasant circumstances.

Vulnerable Targets

1. Receptionists and Customer Help Desk Staff: These are the most susceptible targets for obtaining confidential business data.

2. Technical Support Executives: An attacker impersonating a client, vendor, etc., can trick them into giving out sensitive data.

3. System Administrators: The system administrator is responsible for keeping the organization's systems running and may know sensitive data such as administrator credentials.

4. Vendors: They may be targeted for information gathering.

5. Users and Clients: An attacker may pose as someone from the organization to deceive clients into handing over data.

[stextbox id=’alert’]ARE YOU PLANNING TO TAKE ANY PROFESSIONAL CERTIFICATION EXAM LIKE CISA, CISSP OR OTHERS, SOONER OR LATER. TO HELP YOU IN THIS JOURNEY, WE HAVE JUST A MOBILE APP FOR YOU, WITH TON OF FEATURES AND “ABSOLUTELY FREE”.ALSO, CHECKOUT OUR YOUTUBE VIDEO PRESENTATION FOR THIS APP WHICH ALSO INCLUDES GREAT TIPS ON PASSING THESE EXAMS. [/stextbox]

Mitigation:

1. Awareness:
This is the most essential, as employees need to be aware of the various social engineering attacks in order to recognize them and protect themselves. They should be kept properly informed of the latest news about social engineering attacks.

2. Classification:
The organization must classify its data and identify its critical databases. On that basis, each employee should be assigned a suitable clearance level.

3. Physical Security:
The organization should invest in various physical security measures such as guards, biometric equipment, fencing, etc.

4. Security Policies
Organizations should create and implement security policies with zero tolerance for non-compliance. Staff should be made aware of the penalties and liability they will face if they do not fully comply with those security policies.

5. Updating Software
Many organizations use outdated software and systems, like Windows XP. These have already-known vulnerabilities, and exploits for them are easily accessible. Therefore, patches for each security hole must be applied to the organization's systems.

6. Doing Audit

An organization can employ qualified specialists to conduct social engineering audits, simulating the same attacks a malicious social engineer would use, to test its people, policies and physical perimeter.

It is enough to say that none of us can be certain we will never be the victim of a social engineering attack, but we can protect ourselves if we become conscious of these attacks.

If you want to learn more about social engineering, the best way is to read different psychology books. The following are really interesting and educational books that are worth your time.


Thank you for reading. SHARE, SUBSCRIBE, please LIKE…