I spent a couple of years in college working on a learning content management system that had a large bank of randomized questions. Believe me, that's perfectly defeatable. I have existence proofs.
The question "RAND(1,100) + RAND(1,100) = ?" may represent 10,000 distinct questions, but the effort to answer them is only marginally greater than the effort you spent in writing it. Basically every CAPTCHA approach based on "I'll just have a bank of X" (questions, images, etc) will fail, because the spammers can classify faster than you can add to the set.
Note the "conventional" CAPTCHA, which has stood the test of time, doesn't have a "bank" of anything, it generates fresh stuff all the time. ReCAPTCHA has a bank, but it's structured to be way larger than any set of questions you will ever pull, and is also cleverly set up so that they still benefit a bit even if it is "broken".
Arguing about "RAND(1,100)..." is beside the point. First of all, adding two-digit numbers is _not_ something that's trivially easy for a lot of humans. But more importantly, it's not leveraging any level of textual natural language understanding. It's true that any spammer that decides to target your question will be able to write a rule for their rulebase that will defeat your captcha, but the whole thing that makes the spammer's task economical is that they spend zero or a very tiny amount of person-time per spammed site. This throws a spanner in the works.
I'm also not sure I'd say that the "conventional" variety has "stood the test of time". I still see sites using them, but many of them are now so hard for humans to make out that you have to make multiple tries. And that's if you're a human with good eyesight and full cognition. The audio captchas out there are loud and obnoxious and mostly incomprehensible.
The question "RAND(1,100) + RAND(1,100) = ?" may represent 10,000 distinct questions, but the effort to answer them is only marginally greater than the effort you spent in writing it. Basically every CAPTCHA approach based on "I'll just have a bank of X" (questions, images, etc) will fail, because the spammers can classify faster than you can add to the set.
Note the "conventional" CAPTCHA, which has stood the test of time, doesn't have a "bank" of anything, it generates fresh stuff all the time. ReCAPTCHA has a bank, but it's structured to be way larger than any set of questions you will ever pull, and is also cleverly set up so that they still benefit a bit even if it is "broken".