I treat all ‘security questions’, especially weak ones like ‘your mother’s maiden name’ (which in my case is also a few characters short of your Deutsche Bahn example’s limit) as password fields. So I provide unique answers per website asking for them, which are generated by my password generator, and store them in my password manager. It’s an act of information hygiene, imo.
"Periodic reminder that not everyone has a 'first name' and a 'last name'" ..and that not all names consist of six or more characters