Contact Form 7 has support for Akismet, and reCaptcha; check the docs. Hidden fields are not useful, IMHO; they are still visible in the page source to a ‘scraper’. (Neither are ‘questions’ and some other techniques.)
The only useful thing that I have found is to add some Javascript to the form that senses human interaction: adding functions that look for on-click and/or on-focus of required fields. Bots have a difficult time with JS, although it is possible a targeted-to-your-specific-form spammer might be able to bypass that. But that is a highly-targeted attack.
I wrote a plugin that adds the on-click/on-focus sensing to CF7 forms: “FormSpammerTrap for Contact Form 7“. The form ‘target’ is modified to submit to a ‘honeytrap’ site, unless an on-click/on-focus is sensed on a required field – that resets the form ‘target’ to normal. A simple shortcode is used on the form to enable my plugins’ technique.
This blocks a lot of spammers, but there is no perfect solution. I’ve found that a combination of techniques: Akismet, reCaptcha, and my technique will catch a lot of (but not all) spam.