2012-11-16, 04:25 AM
(This post was last modified: 2012-11-16, 04:32 AM by frostschutz.)
(2012-11-11, 08:34 PM)MonsterMMORPG Wrote: they are registering somehow without answering Registration Security Question
It seems to be possible with the current version of the plugin.
```php
$regq_id = intval($mybb->input['regsecureq_id']);
// Only if id is valid, else we assume the regq block is not visible.
if($regq_id > 0)
```
If the bot submits a registration form that doesn't have a regq_id in it, it just assumes that it didn't ask a question in the first place, and accepts the input. Thus it's bypassed. To fix, remove that if condition or replace it with if(1).
You could reject incomplete registration forms by using this code in the member_do_register_start hook (use at your own peril, this one requires the standard MyBB captcha and registration security question plugins to be in active use):
```php
global $mybb;

// Reject the submission if any field of the standard registration form is missing.
if(!isset($mybb->input[$mybb->settings['hiddencaptchaimagefield']])
    || !isset($mybb->input['regcheck1'])
    || !isset($mybb->input['regcheck2'])
    || !isset($mybb->input['regsecureans'])
    || !isset($mybb->input['regsecureq_id'])
    || !isset($mybb->input['language']))
{
    error("Internal error.");
}
```
It doesn't actually really prevent bypassing though, as bots can still post a regsecureq id <= 0.
The effectiveness depends on bot stupidity either way, as bots can simply be taught the correct answer to any question, and the bot can reuse that indefinitely, no matter how many questions you actually have because the client gets to choose which one it submits.
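Added example, not part of the post above and not the plugin's code: a stand-alone sketch of a check that keeps the asked question's id in server-side state, so the client can neither omit it nor choose it. The function names, the `$store` array (standing in for session storage) and the question list are assumptions; only the `regsecureans` and `regsecureq_id` field names come from the post.

```php
<?php
// Constructed sample questions (hypothetical, for illustration only).
const QUESTIONS = [
    1 => ['q' => 'What colour is the sky on a clear day?', 'a' => 'blue'],
    2 => ['q' => 'How many legs does a cat have?', 'a' => '4'],
];

// Pick the question on the server and remember which one was asked.
function issue_question(array &$store): string
{
    $id = array_rand(QUESTIONS);
    $store['regq_id'] = $id;
    return QUESTIONS[$id]['q'];
}

// Validate unconditionally: there is no "skip if the id is missing" branch.
function check_answer(array &$store, array $input): bool
{
    // The id comes from server state only; any id in $input is ignored.
    $id = $store['regq_id'] ?? null;
    unset($store['regq_id']);   // single use: another attempt needs a new form
    if ($id === null || !isset(QUESTIONS[$id])) {
        return false;           // no question was issued for this session
    }
    if (!isset($input['regsecureans']) || !is_string($input['regsecureans'])) {
        return false;           // missing or malformed answer
    }
    return strtolower(trim($input['regsecureans'])) === QUESTIONS[$id]['a'];
}

// Constructed demonstration; $session stands in for server-side session data.
$session = [];
issue_question($session);
// Submission that omits the answer and posts its own question id.
var_dump(check_answer($session, ['regsecureq_id' => '0']));
// Answer replayed without fetching a new form: no question is pending.
var_dump(check_answer($session, ['regsecureans' => 'blue']));
// Normal flow: fetch the form, then answer the question that was asked.
issue_question($session);
$asked = $session['regq_id'];
var_dump(check_answer($session, ['regsecureans' => ' ' . strtoupper(QUESTIONS[$asked]['a']) . ' ']));
```

This removes the client's ability to pick or drop the question; a bot that has been taught the answers still passes, as the post notes.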