@bentael A Q&A box is just that, you supply the question, the answer that is entered must match what has be predefined in admin. So for example, you'll often see some sites that ask you
What's 4+2? You then enter 6 into the box, this is the correct answer, so registration passes. The answer box is given an id that makes it look like password verification to bots, but is human readable. Using a tougher question than that is always recommended. But if a question is relative to the forum being visited along the lines of
What is the name of the forum software here? the answer to this would be
NodeBB anything else would fail.
This is because spambots enter their registration details from an external form, so all form fields are passed inside the header. If you've got a form that looks like
What's the answer to the question?
But a bot would fill it out using the IDs, so
This would fail the Q&A portion of registration because a spambot would enter chuburpy321 for passwrd1 and chuburpy321 for passwrd2. (Passwords used by spambot aren't limited to chuburpy321:))