When you request a password reset (because you forgot the password or did not use a password manager), most online accounts will ask you to answer basic questions (which you set up when you registered the account) before proceeding with the reset and recovering your account. Recovery questions are used to confirm that the attempt to change anything (like the password) came from the account owner.
The rule of thumb is to never use recovery questions that are answerable with basic or common information that can be found on your social media, like your Facebook or Instagram page. This can be used against you. As an example, if you use "What's the name of your favourite pet" as the recovery question and your answer is the name of the pet that you are posting on every social media, this is like broadcasting your extra layer of protection against unauthorised access in plain sight. Let's explain this with a simple scenario:
A hacker has found you as a person of interest and got your email address from social media. The next thing the attacker will do is use that email address on social media, bank accounts or email providers and attempt to reset your password. Since you selected a common recovery question and answer, chances are that your account could be compromised if your other security settings are not enabled, like 2FA or an email notification when an attempt is made to change anything on your online account.
There are a lot of sample security questions. Here is a list from Quora. Review it for your reference and share in the comments below what you think the best way forward is.
As a Human Firewall, training yourself to think like a hacker will help you to be ready for a potential compromise. Selecting an unusual recovery question and being creative when answering it is cyber smart.
Disclaimer: Following the Human Firewall tips is at your own discretion. Any action you take upon the information on this page is strictly at your own risk.