What is not true with pre-shared key authentication within IKE / IPsec protocol:
A.
Pre-shared key authentication is normally based on simple passwords.
B.
Needs a PKI to work.
C.
Only one preshared key for all VPN connections is needed.
D.
Costly key management on large user groups.
Explanation:
Pre-Shared Secret is usually used when both ends of the VPN lacks access to a
compatible certificate server. Once you have defined all the endpoints in your VPN, you can
establish a password that is used to authenticate the other end of the connection, this is the PreShared secret. Since you are using Pre-Shared key because you don’t have an available /
compatible certificate server, IPSEC and IKE do not need to use PKI in this case (that actually
provides the certificate server infrastructure).