There's other good reasons not to use a random string! Try calling up customer service, they'll ask you the question, and you can say "oh it's just a bunch of random letters and numbers".

Unlike a code or password, these security questions are fuzzy matches generally based on the judgment of human on the other end.