Why does the Secure Zone's hard disk have 2 partitions?
I have a hard disk that I intended solely for storing backups. I expected it to have 1 partition that encompassed the entire 500GB hard disk. That's what I see in Disk Management (diskmgmt.msc) but not what I see when I run diskpart.exe. I run diskpart.exe and enter the following commands and their output:
DISKPART> list disk
  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       466 GB      0 B
  Disk 1    Online       149 GB      0 B
  Disk 2    Online       112 GB  8096 KB
DISKPART> select disk 0
Disk 0 is now the selected disk.
DISKPART> list partition
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Extended           466 GB  1024 KB
  Partition 2    Logical            466 GB  2048 KB
Disk Management shows 1 partition because it is a logical partition. It doesn't show the portion used for defining the extended partition within which the logical drives are defined. But why is there an extended partition on this hard disk? There should've been only 1 partition and it should've been a primary partition, not extended.
When I create the Secure Zone, ATI2012 creates it as a FAT32 partition. I didn't happen to look back then to see what was its real structure on the hard disk. I then converted the SZ to use the NTFS file system so large files wouldn't have to get split up. It's after converting from FAT32 to NTFS that I happened to notice the layout on the hard disk wasn't one primary partition but instead 2 partitions (extended + logical).
Does ATI2012 demand the use of a logical partition for its secure zone? If not, how do I get the SZ to be just one partition that spans the entire hard disk?
I don't understand your response at all. Yes, users could create the Secure Zone in unallocated space on their only hard disk but they could also create that same partition with a drive letter assigned to it. You don't need the Secure Zone to have some place to store your backups. You just need a partition somewhere (preferably on a different hard disk but on the same one if all you have is one hard disk). The point of the Secure Zone is NOT to have someplace to store backups. It is to *secure* those backups away from accidental or intentional deletion or corruption by users or malware. The SZ is a *hidden* partition so it doesn't get a drive letter assigned to it (plus, as I recall, its partition type in the partition value doesn't match on known MS/DOS partition types).
Whether it's another partition on the only hard disk in the computer which has the OS on it or a partition on another hard disk, I don't want casual access to that partition. In other programs that afforded no protection of the backup location, I would use their pre- and post-commands in a backup job that ran a script to diskpart.exe that would assign a drive letter to the partition before the backup job and then remove the drive letter after the backup job finished. That way, only during the backup was there a window of vulnerability on the backup files. With the Acronis Secure Zone, I don't even have a window of vulnerability during the backup.
Why would I want users to have casual access to my backup files just because they are in a partition on a different hard disk than the one for the OS? Why would I want ransomware to easily find my backup files to set the hidden file attribute on them and even encrypt them so they are completely useless to me thereafter? Yes, there is malware that can interrogate the partitions of the hard disks and can figure out what file system is used on them (that they support) to corrupt their contents but most malware scans the drives to find files they can delete or corrupt.
I don't yet have an external USB-attached hard disk where I can store the backup files and then power off the device so no one and no malware can get at them. Besides, powering down the USB drive means it cannot be used for daily scheduled backups. I don't want to disable the IDE or SATA channels/controllers in the BIOS to block all access to those hard disks because, again, they couldn't be used for scheduled backups. I don't have a NAS disk to where I could save backups because, one, that would always have to be powered up so always accessible via the network, two, wouldn't work with ATI2012 because the networking drivers aren't part of the Linux environment used by the recovery CD (and getting WinPE for ATI2012 costs even more money). Having something I can enable and disable when it's needed is the best solution for me. I can use diskpart in the pre- and post-commands to assign/remove a drive letter to the partition - but why should I have to when the Secure Zone is available (and doesn't open a window of vulnerability during the backups)? I can even use devcon.exe, the command-line version of Device Manager, to enable/disable a device so I could also enable the device and assign a drive letter to it before the backup and then remove the drive letter and disable the device after the backup (except devcon will hang if the device is seen as in use and requires a reboot to complete). So far, I really haven't felt compelled to enable/disable a device so it is available only during a backup job.
Also, that another partition gets created on the same hard disk that is being backed up does NOT require the use of an extended partition under which to define logical drives. You can have up to 4 partitions on a hard disk (there are 4 entries in the partition table) which can be primary or extended partitions. You can have up to 4 primary partitions, or 2 primary and 2 extended, or 1 primary and 1 extended, just so you are under the limit of 4 total.
The Secure Zone gives me the ability to hide my backup files without having to use external tools, like diskpart to assign/remove a drive letter to the backup location's partition.
So back to my original question without sidetracking into why I want to use the Secure Zone, is there a reason why Acronis creates the Secure Zone as a logical drive inside an extended partition? Even in the scenario where there is only one hard disk, obviously there has to be an empty slot available in the partition table to create an extended partition so that same empty slot could be used to define another primary partition. You could have 1 primary partition on disk #1 for the OS and 1 primary partition also on disk #1 for the Secure Zone. Or you could have 1 primary partition on disk #1 for the OS and another primary partition on disk #2 for the Secure Zone. So why does Acronis create an extended partition instead of a primary one?
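Added example, not part of the original posts and not Acronis code: a small MBR reader that walks the four-slot partition table and the extended boot record (EBR) chain, which is why diskpart lists an Extended entry plus a Logical entry where Disk Management shows one volume. The disk image is constructed to match the offsets in the question; 512-byte sectors, the type bytes 0x0F (extended) and 0x07 (NTFS), and the sector counts are assumptions.

```python
import struct
SECTOR = 512
EXTENDED_TYPES = {0x05, 0x0F}          # CHS and LBA extended containers

def entry(ptype, start_lba, sectors):
    """Pack one 16-byte MBR/EBR partition-table entry (CHS fields left zero)."""
    return struct.pack("<B3sB3sII", 0, b"\0" * 3, ptype, b"\0" * 3, start_lba, sectors)

def table_sector(entries):
    """Build a boot sector: 446 bytes of code area, 4 entries, 0x55AA signature."""
    return b"\0" * 446 + b"".join(entries).ljust(64, b"\0") + b"\x55\xaa"

def read_entries(image, lba):
    """Return the four (type, start, size) slots of the table stored at `lba`."""
    sec = image[lba * SECTOR:(lba + 1) * SECTOR]
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        raise ValueError(f"no partition table signature at LBA {lba}")
    out = []
    for i in range(4):
        _, _, ptype, _, start, size = struct.unpack_from("<B3sB3sII", sec, 446 + 16 * i)
        out.append((ptype, start, size))
    return out

def list_partitions(image):
    """Enumerate primary, extended and logical partitions with byte offsets."""
    found = []
    for ptype, start, size in read_entries(image, 0):
        if ptype == 0:
            continue                      # unused slot in the 4-entry table
        if ptype not in EXTENDED_TYPES:
            found.append(("Primary", ptype, start * SECTOR, size))
            continue
        found.append(("Extended", ptype, start * SECTOR, size))
        ebr, seen = start, set()
        while ebr not in seen:            # guard against a looping EBR chain
            seen.add(ebr)
            data, link = read_entries(image, ebr)[:2]
            if data[0]:                   # data slot is relative to this EBR
                found.append(("Logical", data[0], (ebr + data[1]) * SECTOR, data[2]))
            if link[0] not in EXTENDED_TYPES:
                break
            ebr = start + link[1]         # link is relative to the extended start
    return found

# Constructed sample matching the offsets in the question (1024 KB and 2048 KB).
image = bytearray(2049 * SECTOR)
image[0:SECTOR] = table_sector([entry(0x0F, 2048, 977_270_784)])
image[2048 * SECTOR:2049 * SECTOR] = table_sector([entry(0x07, 2048, 977_268_736)])
print(*list_partitions(bytes(image)), sep="\n")
```

The extended entry occupies one of the four MBR slots and only points at the EBR; the logical volume's own table entry lives in that EBR, 1024 KB further in.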