ISC Exam Questions

Which statement is not true of pre-shared key authentication within the IKE / IPsec protocol?

A. Pre-shared key authentication is normally based on simple passwords.

B. Needs a PKI to work.

C. Only one preshared key for all VPN connections is needed.

D. Costly key management on large user groups.

Explanation:
A pre-shared secret is usually used when both ends of the VPN lack access to a compatible certificate
server. Once you have defined all the endpoints in your VPN, you can establish a password that is
used to authenticate the other end of the connection; this is the pre-shared secret. Since you are
using a pre-shared key because you don't have an available or compatible certificate server, IPsec and
IKE do not need to use PKI in this case (PKI is what actually provides the certificate server infrastructure).