by aynawn 1515 days ago
Use a password manager to generate 16-character strings as answers to each security question. I guarantee your IT person will no longer remember them.
3 comments

From my experiences trying to tell non-native or highly accented English speakers gibberish URLs or filenames, that would probably be an exercise in misery.

"Three. Like one-two-three." -> they hear "tree" or "123"

"'D'. Like Able Baker Charlie Delta." -> they hear anything ending in "ee", or "abelbakercharlydelta"

And so on, ad nauseam.

And when you're asked for your security answers just tell them it was some gibberish random characters.

This. Security questions are almost always visible to humans in plaintext, and those humans are expected to be the judge of whether the security question was answered correctly.

I used to do random characters, but have switched to a string of random dictionary words. Still not perfect (since "a string of random words" could potentially be accepted as a valid answer), but I feel like having it be human-readable makes it less prone to that kind of fuzzing.

But then these calls will be way more tedious