AWS SAP-C02 · Question 51 · Domain 1.4: Multi-Account Environment
A company is designing a multi-account strategy using AWS Organizations. They want to isolate their production environment from their development environment. They also need a centralized logging account to store all AWS CloudTrail logs securely. Which combination of actions represents the BEST practice for this architecture? (Select THREE)
Answer options:
Create separate Organizational Units (OUs) for Production and Development.
Create a dedicated Log Archive account and configure an Organization-level CloudTrail trail to deliver logs to an S3 bucket in this account.
Apply an SCP to the Organization root to prevent any member account from modifying or deleting the CloudTrail trail.
Use VPC peering to connect all Development VPCs to the Production VPCs.
Store the CloudTrail logs in the Management account.
Configure AWS IAM users in the Production account and share them with the Development account.