Here is how it would go... attacker gives a real answer, support says no that isn't it. Attacker goes, "oh, sometimes I give fake answers for the question... is it a really long string of characters?"

Or they could go through a few things like that, always giving the excuse that they give false answers until they stumble on the right one.