As part of the data governance team, you're implementing security measures that require encrypting all BigQuery data with a key managed by your team. The encryption material must be generated and stored exclusively on your on-premises hardware security module (HSM), yet you prefer using Google's managed solutions. How can you set up this encryption in BigQuery while adhering to these requirements? | Google Professional Data Engineer Quiz