1) In the security assist wizard, the forgot password page also has a checkbox for removing the captcha.
to remove it after the fact, you will need to delete the captcha form element form the page, then edit the Server validation behavior and remove the validation for the captcha element.
2) No, the wizard will not add the security question without the captcha, you would need to add captcha which also includes the security question, then delete the captcha element and validation from the server validation behavior.
3) you need to create an admin section for managing the userGroupID access level. The access level values are determined by you.
most commonly, you would create another table to define the access levels:
Groups:
GroupID -> Primary Key
GroupName
then the ID would be set be the database when you create a group, for example:
+---------|---------------+
| GroupID | GroupName |
+---------|---------------+
| 1 | User |
+---------|---------------+
| 2 | Super User |
+---------|---------------+
| 3 | Administrator |
+---------|---------------+
in your admin page, you would set the userWhen setting up the user admin page using data bridge, you would set the userGroupID to be a menu and use the Groups table to populate it using the GroupID for the value and the GroupName for the label.
4) you will need to modify your security assist pages in order to use access levels in the site. On the security assist support page, in the archived documentation section is a user level access tutorial, it was written for V1, but the concept is still the same.