MS-720 Question #102: Real Exam Question with Answer & Explanation

Question

You have a Microsoft Teams Phone deployment. You are deploying Direct Routing by using a certified Session Border Controller (SBC). The FQDN of the SBC is sbc1.contoso.com. You are signaling port 5067. You cannot place calls and receive an error message in the Microsoft Teams admin center as shown in the following exhibit. What is a possible cause of the issue?

Options

• ALocation-Based Routing is enabled for the SBC
• BThe Baltimore root certificate is missing on the SBC.
• CThe Forward P-Asserted Identify (PAI) header is disabled.
• DThe failover timer is set to 0 seconds

Explanation

Forwarding the P-Asserted Identity (PAI) header is required in Microsoft Teams Direct Routing so the SBC can properly relay caller identity information during SIP signaling - if this is disabled, the SBC strips or blocks the identity assertion Teams sends, causing outbound calls to fail with a signaling error in the admin center. Option A is wrong because Location-Based Routing being enabled restricts toll bypass for certain geographic scenarios but does not prevent all calls from connecting. Option B is incorrect because a missing Baltimore CyberTrust Root certificate would produce a TLS handshake failure error, not a signaling/routing error, and Microsoft has largely migrated to DigiCert-based certificates. Option D is wrong because a failover timer of 0 seconds controls how quickly traffic reroutes to a backup SBC - it doesn't block calls entirely, it just causes immediate failover.

Memory tip: Think of PAI as the SBC's "caller ID passport" - if the SBC won't forward it, Teams can't verify who is calling, so the call never goes through. When you see "cannot place calls" in Direct Routing, ask yourself whether the SBC is blocking identity headers before suspecting certificates or routing policies.

No community discussion yet for this question.