I believe the answer should be b. Form. According to J2EE tutorial,
Specifying HTTP basic authentication requires that the server request a user name and password from the web client and verify that the user name and password are valid by comparing them against a database of authorized users in the specified or default realm.
Form-based authentication allows the developer to control the look and feel of the login authentication screens by customizing the login screen and error pages that an HTTP browser presents to the end user. When form-based authentication is declared, the following actions occur.
But the given answer is a.Basic.
So, when username and password are collected from a browser, they are encoded and put in the HTTP's "Authorization" header.
It does not matter what browser it is and how the browser implements the credential collection, the credentials will end up in the Authorization HTTP header.