What kind of attack did Henry launch to obtain users' credentials?

The correct choice indicates that Henry launched an external attack to obtain users' credentials. An external attack typically involves an adversary who does not have authorized access to the system or network and aims to breach security measures from outside. In this context, Henry likely employed methods and techniques that are common in external attacks, such as exploiting vulnerabilities in the network or leveraging social engineering tactics.

Choosing this option reflects an understanding that external attackers often utilize various strategies to infiltrate systems, including exploiting weaknesses in security protocols or directly engaging users to collect sensitive information, rather than accessing the system from within a trusted environment.

The other options point to different types of attacks that assume varying degrees of proximity and access to the target. An internal attack typically suggests that the attacker is already within the organization and has some level of access to systems, which does not align with the scenario. A SQL injection attack is a technical exploit targeting databases specifically, while phishing attacks focus on tricking individuals into revealing personal information rather than breaching a system externally through technical exploits.

In this context, acknowledging that the attack was external helps ensure clarity about the nature and source of the threat involved.